Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-08 | CVE-2017-9516 | Cross-site Scripting vulnerability in Craftcms Craft CMS Craft CMS before 2.6.2982 allows for a potential XSS attack vector by uploading a malicious SVG file. | 5.4 |
| 2017-06-07 | CVE-2014-9310 | Cross-site Scripting vulnerability in Wordpress Backup to Dropbox Project Wordpress Backup to Dropbox Cross-site scripting (XSS) vulnerability in the WordPress Backup to Dropbox plugin before 4.1 for WordPress. | 6.1 |
| 2017-06-07 | CVE-2015-6959 | Cross-site Scripting vulnerability in Vindula 1.9 Cross-site scripting (XSS) vulnerability in Vindula 1.9. | 5.4 |
| 2017-06-07 | CVE-2015-6540 | Cross-site Scripting vulnerability in Igcb Intellect Digital Core Cross-site scripting (XSS) vulnerability in Intellect Design Arena Intellect Core banking software. | 6.1 |
| 2017-06-07 | CVE-2017-1305 | Cross-site Scripting vulnerability in IBM Rational Doors Next Generation 6.0.2/6.0.3 IBM DOORS Next Generation (DNG/RRC) 6.0.2 and 6.0.3 is vulnerable to cross-site scripting. | 5.4 |
| 2017-06-07 | CVE-2017-1178 | Cross-site Scripting vulnerability in IBM Bigfix Security Compliance Analytics 1.9.70 IBM Endpoint Manager for Security and Compliance 1.9.70 is vulnerable to cross-site scripting. | 6.1 |
| 2017-06-07 | CVE-2016-9834 | Cross-site Scripting vulnerability in Sophos Cyberoam Firmware 10.6.4 An XSS vulnerability allows remote attackers to execute arbitrary client side script on vulnerable installations of Sophos Cyberoam firewall devices with firmware through 10.6.4. | 6.1 |
| 2017-06-06 | CVE-2017-9452 | Cross-site Scripting vulnerability in Piwigo Cross-site scripting (XSS) vulnerability in admin.php in Piwigo 2.9.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 4.8 |
| 2017-06-06 | CVE-2017-9451 | Cross-site Scripting vulnerability in Flatcore 1.4.6 Cross site scripting (XSS) vulnerability in pages.edit_form.php in flatCore 1.4.6 allows remote attackers to inject arbitrary JavaScript via the PATH_INFO in an acp.php URL, due to use of unsanitized $_SERVER['PHP_SELF'] to generate URLs. | 6.1 |
| 2017-06-06 | CVE-2017-8920 | Cross-site Scripting vulnerability in Cgiirc Cgi:Irc irc.cgi in CGI:IRC before 0.5.12 reflects user-supplied input from the R parameter without proper output encoding, aka XSS. | 6.1 |