Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-01-24 CVE-2017-2929 Cross-site Scripting vulnerability in Adobe Acrobat 15.1.0.3
Adobe Acrobat Chrome extension version 15.1.0.3 and earlier have a DOM-based cross-site scripting vulnerability.
network
low complexity
adobe CWE-79
6.1
6.1
2017-01-23 CVE-2016-4056 Cross-site Scripting vulnerability in Typo3
Cross-site scripting (XSS) vulnerability in the Backend component in TYPO3 6.2.x before 6.2.19 allows remote attackers to inject arbitrary web script or HTML via the module parameter when creating a bookmark.
network
low complexity
typo3 CWE-79
6.1
6.1
2017-01-23 CVE-2016-0765 Cross-site Scripting vulnerability in Elfden Eshop Plugin 6.3.14
Multiple cross-site scripting (XSS) vulnerabilities in eshop-orders.php in the eShop plugin 6.3.14 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) action parameter.
network
low complexity
elfden CWE-79
6.1
6.1
2017-01-23 CVE-2015-8862 Cross-site Scripting vulnerability in Mustache.Js Project Mustache.Js
mustache package before 2.2.1 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
network
low complexity
mustache-js-project CWE-79
6.1
6.1
2017-01-23 CVE-2015-8861 Cross-site Scripting vulnerability in Handlebars.Js Project Handlebars.Js
The handlebars package before 4.0.0 for Node.js allows remote attackers to conduct cross-site scripting (XSS) attacks by leveraging a template with an attribute that is not quoted.
network
low complexity
handlebars-js-project CWE-79
6.1
6.1
2017-01-23 CVE-2015-8856 Cross-site Scripting vulnerability in Openjsf Serve-Index
Cross-site scripting (XSS) vulnerability in the serve-index package before 1.6.3 for Node.js allows remote attackers to inject arbitrary web script or HTML via a crafted file or directory name.
network
low complexity
openjsf CWE-79
6.1
6.1
2017-01-23 CVE-2014-9772 Cross-site Scripting vulnerability in Nodejs Node.Js
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
network
low complexity
nodejs CWE-79
6.1
6.1
2017-01-23 CVE-2013-7454 Cross-site Scripting vulnerability in Nodejs Node.Js
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via nested forbidden strings.
network
low complexity
nodejs CWE-79
6.1
6.1
2017-01-23 CVE-2013-7453 Cross-site Scripting vulnerability in Nodejs Node.Js
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via vectors related to UI redressing.
network
low complexity
nodejs CWE-79
6.1
6.1
2017-01-23 CVE-2013-7452 Cross-site Scripting vulnerability in Nodejs Node.Js
The validator module before 1.1.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via a crafted javascript URI.
network
low complexity
nodejs CWE-79
6.1
6.1