Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-06-02 | CVE-2017-9361 | Cross-site Scripting vulnerability in Websitebaker 2.10.0 WebsiteBaker v2.10.0 has a stored XSS vulnerability in /account/details.php. | 6.1 |
| 2017-06-01 | CVE-2017-7384 | Cross-site Scripting vulnerability in Flipbuilder Flip PDF Cross-site scripting (XSS) vulnerability in FlipBuilder Flip PDF allows remote attackers to inject arbitrary web script or HTML via the currentHTMLURL parameter. | 6.1 |
| 2017-06-01 | CVE-2017-3127 | Cross-site Scripting vulnerability in Fortinet Fortios A Cross-Site Scripting vulnerability in Fortinet FortiGate 5.2.0 through 5.2.10 allows attacker to execute unauthorized code or commands via the srcintf parameter during Firewall Policy Creation. | 6.1 |
| 2017-06-01 | CVE-2017-9337 | Cross-site Scripting vulnerability in Markdown on Save Improved Project Markdown on Save Improved 2.5 The Markdown on Save Improved plugin 2.5 for WordPress has a stored XSS vulnerability in the content of a post. | 6.1 |
| 2017-06-01 | CVE-2017-9336 | Cross-site Scripting vulnerability in WP Editor.Md Project WP Editor.Md 1.6 The WP Editor.MD plugin 1.6 for WordPress has a stored XSS vulnerability in the content of a post. | 6.1 |
| 2017-06-01 | CVE-2017-9331 | Cross-site Scripting vulnerability in Epesi The Agenda component in Telaxus EPESI 1.8.2 and earlier has a Stored Cross-site Scripting (XSS) vulnerability in modules/Utils/RecordBrowser/RecordBrowserCommon_0.php, which allows remote attackers to inject arbitrary web script or HTML via a crafted meeting description parameter. | 5.4 |
| 2017-05-31 | CVE-2017-9306 | Cross-site Scripting vulnerability in Syspass 2.1.9 inc/SP/Html/Html.class.php in sysPass 2.1.9 allows remote attackers to bypass the XSS filter, as demonstrated by use of an "<svg/onload=" substring instead of an "<svg onload=" substring. | 6.1 |
| 2017-05-31 | CVE-2017-9305 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 16.2 lib/core/TikiFilter/PreventXss.php in Tiki Wiki CMS Groupware 16.2 allows remote attackers to bypass the XSS filter via padded zero characters, as demonstrated by an attack on tiki-batch_send_newsletter.php. | 6.1 |
| 2017-05-30 | CVE-2017-2307 | Cross-site Scripting vulnerability in Juniper Junos Space A reflected cross site scripting vulnerability in the administrative interface of Juniper Networks Junos Space versions prior to 16.1R1 may allow remote attackers to steal sensitive information or perform certain administrative actions on Junos Space. | 6.1 |
| 2017-05-29 | CVE-2017-9299 | Cross-site Scripting vulnerability in Otrs 3.3.9 Open Ticket Request System (OTRS) 3.3.9 has XSS in index.pl?Action=AgentStats requests, as demonstrated by OrderBy=[XSS] and Direction=[XSS] attacks. | 6.1 |