Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-30 | CVE-2015-9102 | Cross-site Scripting vulnerability in Synology Photo Station Multiple cross-site scripting (XSS) vulnerabilities in Synology Photo Station 6.0 before 6.0-2638 and 6.3 before 6.3-2962 allow remote authenticated attackers to inject arbitrary web script or HTML via the (1) album name, (2) file name of uploaded photos, (3) description of photos, or (4) tag of the photos. | 5.4 |
| 2017-06-29 | CVE-2017-10673 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS admin/profile.php in GetSimple CMS 3.x has XSS in a name field. | 6.1 |
| 2017-06-29 | CVE-2017-10667 | Cross-site Scripting vulnerability in Zen-Cart ZEN Cart 1.6.0 In index.php in Zen Cart 1.6.0, the products_id parameter can cause XSS. | 6.1 |
| 2017-06-28 | CVE-2017-1106 | Cross-site Scripting vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-06-28 | CVE-2017-5241 | Cross-site Scripting vulnerability in Biscom Secure File Transfer Biscom Secure File Transfer versions 5.0.0.0 trough 5.1.1024 are vulnerable to post-authentication persistent cross-site scripting (XSS) in the "Name" and "Description" fields of a Workspace, as well as the "Description" field of a File Details pane of a file stored in a Workspace. | 5.4 |
| 2017-06-27 | CVE-2017-1234 | Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager IBM QRadar 7.2 and 7.3 is vulnerable to cross-site scripting. | 5.4 |
| 2017-06-26 | CVE-2017-9145 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware TikiFilter.php in Tiki Wiki CMS Groupware 12.x through 16.x does not properly validate the imgsize or lang parameter to prevent XSS. | 6.1 |
| 2017-06-26 | CVE-2017-7416 | Cross-site Scripting vulnerability in Ntop Ntopng ntopng before 3.0 allows XSS because GET and POST parameters are improperly validated. | 6.1 |
| 2017-06-24 | CVE-2017-9836 | Cross-site Scripting vulnerability in Piwigo 2.9.1 Cross-site scripting (XSS) vulnerability in Piwigo 2.9.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the virtual_name parameter to /admin.php (i.e., creating a virtual album). | 4.8 |
| 2017-06-23 | CVE-2017-1348 | Cross-site Scripting vulnerability in IBM Sterling B2B Integrator 5.2 IBM Sterling B2B Integrator Standard Edition 5.2 is vulnerable to cross-site scripting. | 5.4 |