Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-02-17 | CVE-2017-5008 | Cross-site Scripting vulnerability in Google Chrome Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, allowed attacker controlled JavaScript to be run during the invocation of a private script method, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | 6.1 |
| 2017-02-17 | CVE-2017-5007 | Cross-site Scripting vulnerability in Google Chrome Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled the sequence of events when closing a page, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | 6.1 |
| 2017-02-17 | CVE-2017-5006 | Cross-site Scripting vulnerability in Google Chrome Blink in Google Chrome prior to 56.0.2924.76 for Linux, Windows and Mac, and 56.0.2924.87 for Android, incorrectly handled object owner relationships, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via a crafted HTML page. | 6.1 |
| 2017-02-17 | CVE-2016-9139 | Cross-site Scripting vulnerability in Otrs Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.3.x before 3.3.16, 4.0.x before 4.0.19, and 5.0.x before 5.0.14 allows remote attackers to inject arbitrary web script or HTML via a crafted attachment. | 6.1 |
| 2017-02-17 | CVE-2016-4327 | Cross-site Scripting vulnerability in Wso2 Enablement Server for Java 6.6200908271616 Cross-site scripting (XSS) vulnerability in WSO2 SOA Enablement Server for Java/6.6 build SSJ-6.6-20090827-1616 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO. | 6.1 |
| 2017-02-17 | CVE-2016-4316 | Cross-site Scripting vulnerability in Wso2 Carbon 4.4.5 Multiple cross-site scripting (XSS) vulnerabilities in WSO2 Carbon 4.4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) setName parameter to identity-mgt/challenges-mgt.jsp; the (2) webappType or (3) httpPort parameter to webapp-list/webapp_info.jsp; the (4) dsName or (5) description parameter to ndatasource/newdatasource.jsp; the (6) phase parameter to viewflows/handlers.jsp; or the (7) url parameter to ndatasource/validateconnection-ajaxprocessor.jsp. | 6.1 |
| 2017-02-16 | CVE-2016-6062 | Cross-site Scripting vulnerability in IBM Resilient 26.0/26.1/26.2 IBM Resilient v26.0, v26.1, and v26.2 is vulnerable to cross-site scripting. | 6.1 |
| 2017-02-15 | CVE-2016-8968 | Cross-site Scripting vulnerability in IBM Rational Collaborative Lifecycle Management 6.0.0/6.0.1/6.0.2 IBM Jazz Foundation is vulnerable to cross-site scripting. | 5.4 |
| 2017-02-15 | CVE-2017-5990 | Cross-site Scripting vulnerability in Phreesoft Phreebookserp An issue was discovered in PhreeBooksERP before 2017-02-13. | 6.1 |
| 2017-02-15 | CVE-2017-2969 | Cross-site Scripting vulnerability in Adobe Campaign 16.4 Adobe Campaign versions 16.4 Build 8724 and earlier have a cross-site scripting (XSS) vulnerability. | 6.1 |