Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-09 | CVE-2017-6589 | Cross-site Scripting vulnerability in Epiceditor Project Epiceditor EpicEditor through 0.2.3 has Cross-Site Scripting because of an insecure default marked.js configuration. | 6.1 |
| 2017-03-09 | CVE-2017-6562 | Cross-site Scripting vulnerability in Agora-Project 3.2.2 XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=file&targetObjId=fileFolder-2&targetObjIdChild=[XSS] attack. | 6.1 |
| 2017-03-09 | CVE-2017-6561 | Cross-site Scripting vulnerability in Agora-Project 3.2.2 XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=object&action=[XSS] attack. | 6.1 |
| 2017-03-09 | CVE-2017-6560 | Cross-site Scripting vulnerability in Agora-Project 3.2.2 XSS in Agora-Project 3.2.2 exists with an index.php?ctrl=misc&action=[XSS]&editObjId=[XSS] attack. | 6.1 |
| 2017-03-09 | CVE-2017-6559 | Cross-site Scripting vulnerability in Agora-Project 3.2.2 XSS in Agora-Project 3.2.2 exists with an index.php?disconnect=1&msgNotif[]=[XSS] attack. | 6.1 |
| 2017-03-09 | CVE-2017-6556 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 Cross-site scripting (XSS) vulnerability in CMS Made Simple (CMSMS) 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the "adminpage > sitesetting > General Settings > globalmetadata" field. | 5.4 |
| 2017-03-09 | CVE-2017-6555 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 Cross-site scripting (XSS) vulnerability in /admin/moduleinterface.php in CMS Made Simple 2.1.6 allows remote authenticated users to inject arbitrary web script or HTML via the m1_description parameter (aka "Design Manager > Categories > Category Description"). | 5.4 |
| 2017-03-09 | CVE-2017-6547 | Cross-site Scripting vulnerability in Asus Rt-Ac53 Firmware 3.0.0.4.380.6038 Cross-site scripting (XSS) vulnerability in httpd on ASUS RT-N56U, RT-N66U, RT-AC66U, RT-N66R, RT-AC66R, RT-AC68U, RT-AC68R, RT-N66W, RT-AC66W, RT-AC87R, RT-AC87U, RT-AC51U, RT-AC68P, RT-N11P, RT-N12+, RT-N12E B1, RT-AC3200, RT-AC53U, RT-AC1750, RT-AC1900P, RT-N300, and RT-AC750 routers with firmware before 3.0.0.4.380.7378; RT-AC68W routers with firmware before 3.0.0.4.380.7266; and RT-N600, RT-N12+ B1, RT-N11P B1, RT-N12VP B1, RT-N12E C1, RT-N300 B1, and RT-N12+ Pro routers with firmware before 3.0.0.4.380.9488 allows remote attackers to inject arbitrary JavaScript by requesting filenames longer than 50 characters. | 6.1 |
| 2017-03-08 | CVE-2017-6544 | Cross-site Scripting vulnerability in Wuhu Project Wuhu 20170308 Gargaj/wuhu through 2017-03-08 is vulnerable to a reflected XSS in wuhu-master/www_admin/users.php (id parameter). | 6.1 |
| 2017-03-08 | CVE-2016-9006 | Cross-site Scripting vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy 6.1 and 6.2 is vulnerable to cross-site scripting. | 5.4 |