Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-06 | CVE-2017-9448 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS Cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML via the description parameter. | 5.4 |
| 2017-06-06 | CVE-2017-9332 | Cross-site Scripting vulnerability in Pivotx 2.3.11 The smarty_self function in modules/module_smarty.php in PivotX 2.3.11 mishandles the URI, allowing XSS via vectors involving quotes in the self Smarty tag. | 6.1 |
| 2017-06-05 | CVE-2017-9441 | Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS Multiple cross-site scripting (XSS) vulnerabilities in BigTree CMS through 4.2.18 allow remote authenticated users to inject arbitrary web script or HTML by uploading a crafted package, triggering mishandling of the (1) title or (2) version or (3) author_name parameter in manifest.json. | 5.4 |
| 2017-06-05 | CVE-2017-9420 | Cross-site Scripting vulnerability in Sunnythemes Spiffy Calendar Cross site scripting (XSS) vulnerability in the Spiffy Calendar plugin before 3.3.0 for WordPress allows remote attackers to inject arbitrary JavaScript via the yr parameter. | 6.1 |
| 2017-06-05 | CVE-2017-8839 | Cross-site Scripting vulnerability in Peplink products XSS via orig_url exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. | 6.1 |
| 2017-06-05 | CVE-2017-8838 | Cross-site Scripting vulnerability in Peplink products XSS via syncid exists on Peplink Balance 305, 380, 580, 710, 1350, and 2500 devices with firmware before fw-b305hw2_380hw6_580hw2_710hw3_1350hw2_2500-7.0.1-build2093. | 6.1 |
| 2017-06-05 | CVE-2017-8440 | Cross-site Scripting vulnerability in Elastic Kibana Starting in version 5.3.0, Kibana had a cross-site scripting (XSS) vulnerability in the Discover page that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2017-06-05 | CVE-2017-8439 | Cross-site Scripting vulnerability in Elastic Kibana 5.4.0 Kibana version 5.4.0 was affected by a Cross Site Scripting (XSS) bug in the Time Series Visual Builder. | 6.1 |
| 2017-06-04 | CVE-2012-6705 | Cross-site Scripting vulnerability in Jamroom 4.2.6 Cross Site Scripting (XSS) exists in Jamroom before 4.2.7 via the Status Update field. | 6.1 |
| 2017-06-02 | CVE-2017-9366 | Cross-site Scripting vulnerability in Epesi Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Base/Dashboard/Dashboard_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted tab_name parameter. | 4.8 |