Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-11-19 | CVE-2016-6472 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.2) A vulnerability in several parameters of the ccmivr page of Cisco Unified Communication Manager (CallManager) could allow an unauthenticated, remote attacker to launch a cross-site scripting (XSS) attack against a user of the web interface on the affected system. | 6.1 |
| 2016-11-10 | CVE-2016-7148 | Cross-site Scripting vulnerability in Moinmo Moinmoin 1.9.8 MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component. | 6.1 |
| 2016-11-10 | CVE-2016-7146 | Cross-site Scripting vulnerability in Moinmo Moinmoin 1.9.8 MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component. | 6.1 |
| 2016-11-10 | CVE-2016-7251 | Cross-site Scripting vulnerability in Microsoft SQL Server 2016 Cross-site scripting (XSS) vulnerability in the MDS API in Microsoft SQL Server 2016 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, aka "MDS API XSS Vulnerability." | 6.1 |
| 2016-11-08 | CVE-2016-7851 | Cross-site Scripting vulnerability in Adobe Connect Adobe Connect version 9.5.6 and earlier does not adequately validate input in the events registration module. | 6.1 |
| 2016-11-04 | CVE-2016-9188 | Cross-site Scripting vulnerability in Moodle Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters. | 6.1 |
| 2016-11-03 | CVE-2016-6451 | Cross-site Scripting vulnerability in Cisco Prime Collaboration Provisioning 10.6.0 Multiple vulnerabilities in the web framework code of the Cisco Prime Collaboration Provisioning could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. | 6.1 |
| 2016-11-03 | CVE-2016-6429 | Cross-site Scripting vulnerability in Cisco IP Interoperability and Collaboration System 4.10(1) A vulnerability in the web framework code of the Cisco IP Interoperability and Collaboration System (IPICS) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack. | 6.1 |
| 2016-10-29 | CVE-2016-5920 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager Cross-site scripting (XSS) vulnerability in the Web UI in IBM Financial Transaction Manager (FTM) for ACH Services 3.0.0.x before fp0015 and 3.0.1.0 before iFix0002 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-10-28 | CVE-2016-4393 | Cross-site Scripting vulnerability in HP System Management Homepage HPE System Management Homepage before v7.6 allows "remote authenticated" attackers to obtain sensitive information via unspecified vectors, related to an "XSS" issue. | 5.4 |