Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-07-11 CVE-2017-8569 Cross-site Scripting vulnerability in Microsoft Sharepoint Server 2016
Microsoft SharePoint Server allows an elevation of privilege vulnerability due to the way that it sanitizes a specially crafted web request to an affected SharePoint server, aka "SharePoint Server XSS Vulnerability".
network
low complexity
microsoft CWE-79
8.8
8.8
2017-07-11 CVE-2017-8560 Cross-site Scripting vulnerability in Microsoft Exchange Server 2013/2016
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability".
network
low complexity
microsoft CWE-79
6.1
6.1
2017-07-11 CVE-2017-8559 Cross-site Scripting vulnerability in Microsoft Exchange Server 2013/2016
Microsoft Exchange Server 2010 SP3, Exchange Server 2013 SP3, Exchange Server 2013 CU16, and Exchange Server 2016 CU5 allows an elevation of privilege vulnerability due to the way that Exchange Outlook Web Access (OWA) handles web requests, aka "Microsoft Exchange Cross-Site Scripting Vulnerability".
network
low complexity
microsoft CWE-79
6.1
6.1
2017-07-10 CVE-2017-6734 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface of an affected device, related to the Guest Portal.
network
low complexity
cisco CWE-79
5.4
5.4
2017-07-10 CVE-2017-6733 Cross-site Scripting vulnerability in Cisco Identity Services Engine 2.1(102.101)/2.2(0.283)/2.3(0.151)
A vulnerability in the web-based application interface of the Cisco Identity Services Engine (ISE) portal could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system.
network
low complexity
cisco CWE-79
6.1
6.1
2017-07-10 CVE-2017-11163 Cross-site Scripting vulnerability in Cacti 1.1.12
Cross-site scripting (XSS) vulnerability in aggregate_graphs.php in Cacti 1.1.12 allows remote authenticated users to inject arbitrary web script or HTML via specially crafted HTTP Referer headers, related to the $cancel_url variable.
network
low complexity
cacti CWE-79
5.4
5.4
2017-07-08 CVE-2017-11107 Cross-site Scripting vulnerability in multiple products
phpLDAPadmin through 1.2.3 has XSS in htdocs/entry_chooser.php via the form, element, rdn, or container parameter.
network
low complexity
phpldapadmin-project debian CWE-79
6.1
6.1
2017-07-07 CVE-2017-10991 Cross-site Scripting vulnerability in Wp-Statistics WP Statistics
The WP Statistics plugin through 12.0.9 for WordPress has XSS in the rangestart and rangeend parameters on the wps_referrers_page page.
network
low complexity
wp-statistics CWE-79
6.1
6.1
2017-07-07 CVE-2017-2243 Cross-site Scripting vulnerability in Dfactory Responsive Lightbox
Cross-site scripting vulnerability in Responsive Lightbox prior to version 1.7.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
dfactory CWE-79
6.1
6.1
2017-07-07 CVE-2017-2224 Cross-site Scripting vulnerability in Web-Dorado Event Calendar WD
Cross-site scripting vulnerability in Event Calendar WD prior to version 1.0.94 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
web-dorado CWE-79
6.1
6.1