Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-03-05 CVE-2017-6480 Cross-site Scripting vulnerability in Groovel Project Cmsgroovel 3.3.6
groovel/cmsgroovel before 3.3.7-beta is vulnerable to a reflected XSS in commons/browser.php (path parameter).
network
low complexity
groovel-project CWE-79
6.1
6.1
2017-03-05 CVE-2017-6479 Cross-site Scripting vulnerability in Fenix Hosting Fenix-Open-Source 20170221
FenixHosting/fenix-open-source before 2017-03-04 is vulnerable to a reflected XSS in forums/search.php (search-by-topic parameter).
network
low complexity
fenix-hosting CWE-79
6.1
6.1
2017-03-05 CVE-2017-6478 Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4
paintballrefjosh/MaNGOSWebV4 before 4.0.8 is vulnerable to a reflected XSS in install/index.php (step parameter).
network
low complexity
mangoswebv4-project CWE-79
6.1
6.1
2017-03-03 CVE-2015-8815 Cross-site Scripting vulnerability in Umbraco
Multiple cross-site scripting (XSS) vulnerabilities in Umbraco before 7.4.0 allow remote attackers to inject arbitrary web script or HTML via the name parameter to (1) the media page, (2) the developer data edit page, or (3) the form page.
network
low complexity
umbraco CWE-79
6.1
6.1
2017-03-03 CVE-2017-5833 Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver
Cross-site scripting (XSS) vulnerability in the invocation code generation for interstitial zones in Revive Adserver before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
network
low complexity
revive-adserver CWE-79
6.1
6.1
2017-03-03 CVE-2017-5832 Cross-site Scripting vulnerability in Revive-Adserver Revive Adserver
Cross-site scripting (XSS) vulnerability in Revive Adserver before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the user's email address.
network
low complexity
revive-adserver CWE-79
5.4
5.4
2017-03-03 CVE-2017-5616 Cross-site Scripting vulnerability in Cpanel Cgiecho and Cgiemail
Cross-site scripting (XSS) vulnerability in cgiemail and cgiecho allows remote attackers to inject arbitrary web script or HTML via the addendum parameter.
network
low complexity
cpanel CWE-79
6.1
6.1
2017-03-03 CVE-2016-10203 Cross-site Scripting vulnerability in Zoneminder
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the name when creating a new monitor.
network
low complexity
zoneminder CWE-79
6.1
6.1
2017-03-03 CVE-2016-10202 Cross-site Scripting vulnerability in Zoneminder
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the path info to index.php.
network
low complexity
zoneminder CWE-79
6.1
6.1
2017-03-03 CVE-2016-10201 Cross-site Scripting vulnerability in Zoneminder
Cross-site scripting (XSS) vulnerability in Zoneminder 1.30 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter in a download log request to index.php.
network
low complexity
zoneminder CWE-79
6.1
6.1