Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-12-31 CVE-2016-6858 Cross-site Scripting vulnerability in SAP Hybris
Cross-site scripting (XSS) vulnerability in the Create Employee feature in Hybris Management Console (HMC) in SAP Hybris before 5.0.4.11, 5.1.0.x before 5.1.0.11, 5.1.1.x before 5.1.1.12, 5.2.0.x and 5.3.0.x before 5.3.0.10, 5.4.x before 5.4.0.9, 5.5.0.x before 5.5.0.9, 5.5.1.x before 5.5.1.10, 5.6.x before 5.6.0.8, and 5.7.x before 5.7.0.9 allows remote authenticated users to inject arbitrary web script or HTML via the Name field.
network
low complexity
sap CWE-79
5.4
5.4
2016-12-31 CVE-2016-6857 Cross-site Scripting vulnerability in SAP Hybris
Cross-site scripting (XSS) vulnerability in the Create Catalogue feature in Hybris Management Console (HMC) in SAP Hybris before 5.2.0.13, 5.3.x before 5.3.0.11, 5.4.x before 5.4.0.11, 5.5.0.x before 5.5.0.10, 5.5.1.x before 5.5.1.11, 5.6.x before 5.6.0.11, and 5.7.x before 5.7.0.15 allows remote authenticated users to inject arbitrary web script or HTML via the ID field.
network
low complexity
sap CWE-79
5.4
5.4
2016-12-31 CVE-2016-6856 Cross-site Scripting vulnerability in SAP Hybris
Cross-site scripting (XSS) vulnerability in the Inbox Search feature in Hybris Management Console (HMC) in SAP Hybris before 6.0 allows remote attackers to inject arbitrary web script or HTML via the itemsperpage parameter.
network
low complexity
sap CWE-79
6.1
6.1
2016-12-30 CVE-2016-10083 Cross-site Scripting vulnerability in Piwigo
Cross-site scripting (XSS) vulnerability in admin/plugin.php in Piwigo through 2.8.3 allows remote attackers to inject arbitrary web script or HTML via a crafted filename that is mishandled in a certain error case.
network
low complexity
piwigo CWE-79
6.1
6.1
2016-12-29 CVE-2016-9891 Cross-site Scripting vulnerability in Dotclear
Cross-site scripting (XSS) vulnerability in admin/media.php and admin/media_item.php in Dotclear before 2.11 allows remote authenticated users to inject arbitrary web script or HTML via the upfiletitle or media_title parameter (aka the media title).
network
low complexity
dotclear CWE-79
5.4
5.4
2016-12-29 CVE-2016-7463 Cross-site Scripting vulnerability in VMWare Esxi 5.5/6.0
Cross-site scripting (XSS) vulnerability in the Host Client in VMware vSphere Hypervisor (aka ESXi) 5.5 and 6.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted VM.
network
low complexity
vmware CWE-79
5.4
5.4
2016-12-25 CVE-2016-9681 Cross-site Scripting vulnerability in S9Y Serendipity
Multiple cross-site scripting (XSS) vulnerabilities in Serendipity before 2.0.5 allow remote authenticated users to inject arbitrary web script or HTML via a category or directory name.
network
low complexity
s9y CWE-79
5.4
5.4
2016-12-24 CVE-2016-10006 Cross-site Scripting vulnerability in Antisamy Project Antisamy
In OWASP AntiSamy before 1.5.5, by submitting a specially crafted input (a tag that supports style with active content), you could bypass the library protections and supply executable code.
network
low complexity
antisamy-project CWE-79
6.1
6.1
2016-12-23 CVE-2016-9889 Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware
Some forms with the parameter geo_zoomlevel_to_found_location in Tiki Wiki CMS 12.x before 12.10 LTS, 15.x before 15.3 LTS, and 16.x before 16.1 don't have the input sanitized, related to tiki-setup.php and article_image.php.
network
low complexity
tiki CWE-79
6.1
6.1
2016-12-20 CVE-2016-9757 Cross-site Scripting vulnerability in Rapid7 Nexpose 6.4.12
In the Create Tags page of the Rapid7 Nexpose version 6.4.12 user interface, any authenticated user who has the capability to create tags can inject cross-site scripting (XSS) elements in the tag name field.
network
low complexity
rapid7 CWE-79
5.4
5.4