Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-05-12 CVE-2016-4858 Cross-site Scripting vulnerability in Splunk
Cross-site scripting vulnerability in Splunk Enterprise 6.4.x prior to 6.4.2, Splunk Enterprise 6.3.x prior to 6.3.6, Splunk Enterprise 6.2.x prior to 6.2.10, Splunk Enterprise 6.1.x prior to 6.1.11, Splunk Enterprise 6.0.x prior to 6.0.12, Splunk Enterprise 5.0.x prior to 5.0.16 and Splunk Light prior to 6.4.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
splunk CWE-79
4.8
2017-05-12 CVE-2016-4856 Cross-site Scripting vulnerability in Splunk
Cross-site scripting vulnerability in Splunk Enterprise 6.3.x prior to 6.3.5 and Splunk Light 6.3.x prior to 6.3.5 allows an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
splunk CWE-79
4.8
2017-05-12 CVE-2016-4855 Cross-site Scripting vulnerability in ADOdb Project ADOdb
Cross-site scripting vulnerability in ADOdb versions prior to 5.20.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
adodb-project CWE-79
6.1
2017-05-12 CVE-2017-0255 Cross-site Scripting vulnerability in Microsoft SharePoint Foundation 2013
Microsoft SharePoint Foundation 2013 SP1 allows an elevation of privilege vulnerability when it does not properly sanitize a specially crafted web request, aka "Microsoft SharePoint XSS Vulnerability".
network
low complexity
microsoft CWE-79
5.4
2017-05-11 CVE-2017-8898 Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has stored XSS in the Announcements, allowing privilege escalation from an Invision Power Board moderator to an admin.
network
low complexity
invisioncommunity CWE-79
critical
9.8
2017-05-11 CVE-2017-8897 Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board
Invision Power Services (IPS) Community Suite 4.1.19.2 and earlier has pre-auth reflected XSS in the IPS UTF8 Converter v1.1.18: admin/convertutf8/index.php?controller= is the attack vector.
network
low complexity
invisioncommunity CWE-79
6.1
2017-05-10 CVE-2017-8892 Cross-site Scripting vulnerability in OpenText Tempo Box 10.0.3
Cross-site scripting (XSS) vulnerability in OpenText Tempo Box 10.0.3 allows remote attackers to inject arbitrary web script or HTML persistently via the name of an uploaded image.
network
low complexity
opentext CWE-79
6.1
2017-05-10 CVE-2017-3894 Cross-site Scripting vulnerability in BlackBerry Enterprise Service and Unified Endpoint Manager
A stored cross-site scripting vulnerability in the Management Console of BlackBerry Unified Endpoint Manager version 12.6.1 and earlier, and all versions of BES12, allows attackers to execute actions in the context of a Management Console administrator by uploading a malicious script and then persuading a target administrator to view the specific location of the malicious script within the Management Console.
network
low complexity
blackberry CWE-79
6.1
2017-05-10 CVE-2017-7887 Cross-site Scripting vulnerability in Dolibarr ERP/CRM 4.0.4
Dolibarr ERP/CRM 4.0.4 has XSS in doli/societe/list.php via the sall parameter.
network
low complexity
dolibarr CWE-79
6.1
2017-05-10 CVE-2016-6037 Cross-site Scripting vulnerability in IBM Rational Quality Manager and Rational Team Concert
IBM Rational Team Concert (RTC) is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
4.8