Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-05-03 | CVE-2017-8762 | Cross-site Scripting vulnerability in Genixcms 1.0.2 GeniXCMS 1.0.2 has XSS triggered by an authenticated user who submits a page, as demonstrated by a crafted oncut attribute in a B element. | 5.4 |
| 2017-05-03 | CVE-2015-9057 | Cross-site Scripting vulnerability in Proxmox Mail Gateway Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway prior to hotfix 4.0-8-097d26a9 allow remote attackers to inject arbitrary web script or HTML via multiple parameters, related to /users/index.htm, /quarantine/spam/manage.htm, /quarantine/spam/whitelist.htm, /queues/mail/index/, /system/ssh.htm, /queues/mail/?domain=, and /quarantine/virus/manage.htm. | 6.1 |
| 2017-05-03 | CVE-2017-7430 | Cross-site Scripting vulnerability in multiple products Novell iManager 2.7.x before 2.7 SP7 Patch 10 HF1 and NetIQ iManager 3.x before 3.0.3.1 have a persistent XSS vulnerability in Framework. | 6.1 |
| 2017-05-01 | CVE-2017-8376 | Cross-site Scripting vulnerability in Genixcms 1.0.2 GeniXCMS 1.0.2 has XSS triggered by an authenticated comment that is mishandled during a mouse operation by an administrator. | 5.4 |
| 2017-05-01 | CVE-2017-5631 | Cross-site Scripting vulnerability in KMC Information Systems Caseaware An issue was discovered in KMCIS CaseAware. | 6.1 |
| 2017-05-01 | CVE-2017-8384 | Cross-site Scripting vulnerability in Craftcms Craft CMS Craft CMS before 2.6.2976 allows XSS attacks because an array returned by HttpRequestService::getSegments() and getActionSegments() need not be zero-based. | 6.1 |
| 2017-04-28 | CVE-2017-2151 | Cross-site Scripting vulnerability in Booking Calendar Project Booking Calendar Cross-site scripting vulnerability in Booking Calendar version 7.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2017-04-28 | CVE-2017-2148 | Cross-site Scripting vulnerability in Iodata Wn-Ac1167Gr Firmware 1.04 Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2017-04-28 | CVE-2017-2147 | Cross-site Scripting vulnerability in Wp-Statistics WP Statistics Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2017-04-28 | CVE-2017-2136 | Cross-site Scripting vulnerability in WP Statistics WP Statistics Cross-site scripting vulnerability in WP Statistics version 12.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via specially crafted HTTP Referer headers. | 6.1 |