Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-15 | CVE-2017-9419 | Cross-site Scripting vulnerability in Webhammer WP Custom Fields Search 0.3.28 Cross-site scripting (XSS) vulnerability in the Webhammer WP Custom Fields Search plugin 0.3.28 for WordPress allows remote attackers to inject arbitrary JavaScript via the cs-all-0 parameter. | 6.1 |
| 2017-06-15 | CVE-2017-9674 | Cross-site Scripting vulnerability in Simplece 2.3.0 In SimpleCE 2.3.0, an authenticated XSS vulnerability was found on index.php/content/text/1?return_url=[XSS] exploitable as a regular or admin user. | 5.4 |
| 2017-06-15 | CVE-2017-9613 | Cross-site Scripting vulnerability in SAP Successfactors B1702P5E.1190658 Stored Cross-site scripting (XSS) vulnerability in SAP SuccessFactors before b1705.1234962 allows remote authenticated users to inject arbitrary web script or HTML via the file upload functionality. | 5.4 |
| 2017-06-15 | CVE-2017-8551 | Cross-site Scripting vulnerability in Microsoft Project Server 2013 An elevation of privilege vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint XSS vulnerability". | 6.1 |
| 2017-06-15 | CVE-2017-8550 | Cross-site Scripting vulnerability in Microsoft Office 2016 A remote code execution vulnerability exists in Skype for Business when the software fails to sanitize specially crafted content, aka "Skype for Business Remote Code Execution Vulnerability". | 5.4 |
| 2017-06-15 | CVE-2017-8514 | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2016 An information disclosure vulnerability exists when Microsoft SharePoint software fails to properly sanitize a specially crafted requests, aka "Microsoft SharePoint Reflective XSS Vulnerability". | 5.4 |
| 2017-06-14 | CVE-2017-9624 | Cross-site Scripting vulnerability in Epesi Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted currency decimal-sign data. | 6.1 |
| 2017-06-14 | CVE-2017-9623 | Cross-site Scripting vulnerability in Epesi Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted country data. | 6.1 |
| 2017-06-14 | CVE-2017-9622 | Cross-site Scripting vulnerability in Epesi Multiple cross-site scripting (XSS) vulnerabilities in Telaxus/EPESI 1.8.2 and earlier allow remote attackers to inject arbitrary web script or HTML via crafted common data. | 6.1 |
| 2017-06-14 | CVE-2017-9621 | Cross-site Scripting vulnerability in Epesi Cross-site scripting (XSS) vulnerability in modules/Base/Lang/Administrator/update_translation.php in EPESI in Telaxus/EPESI 1.8.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) original or (2) new parameter. | 6.1 |