Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-22 | CVE-2017-2528 | Cross-site Scripting vulnerability in Apple Safari An issue was discovered in certain Apple products. | 6.1 |
| 2017-05-22 | CVE-2017-2510 | Cross-site Scripting vulnerability in Apple Safari An issue was discovered in certain Apple products. | 6.1 |
| 2017-05-22 | CVE-2017-2508 | Cross-site Scripting vulnerability in Apple Safari An issue was discovered in certain Apple products. | 6.1 |
| 2017-05-22 | CVE-2017-2504 | Cross-site Scripting vulnerability in Apple Iphone OS An issue was discovered in certain Apple products. | 6.1 |
| 2017-05-22 | CVE-2017-6654 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 10.5(2.10000.5)/11.0(1.10000.10)/11.5(1.10000.6) A vulnerability in the web-based management interface of Cisco Unified Communications Manager 10.5 through 11.5 could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2017-05-19 | CVE-2017-4978 | Cross-site Scripting vulnerability in RSA Adaptive Authentication (On Premise) EMC RSA Adaptive Authentication (On-Premise) versions prior to 7.3 P2 (exclusive) contains a fix for a cross-site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | 5.4 |
| 2017-05-18 | CVE-2017-9072 | Cross-site Scripting vulnerability in Calendarxp Flatcalendarxp and Popcalendarxp Two CalendarXP products have XSS in common parts of HTML files. | 6.1 |
| 2017-05-18 | CVE-2017-9071 | Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, an attacker might be able to trigger XSS by injecting a payload into the HTTP Host header of a request. | 4.7 |
| 2017-05-18 | CVE-2017-9070 | Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, a user with resource edit permissions can inject an XSS payload into the title of any post via the pagetitle parameter to connectors/index.php. | 5.4 |
| 2017-05-18 | CVE-2017-9068 | Cross-site Scripting vulnerability in Modx Revolution In MODX Revolution before 2.5.7, an attacker is able to trigger Reflected XSS by injecting payloads into several fields on the setup page, as demonstrated by the database_type parameter. | 6.1 |