Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-10-28 | CVE-2016-8583 | Cross-site Scripting vulnerability in Alienvault products Multiple GET parameters in the vulnerability scan scheduler of AlienVault OSSIM and USM before 5.3.2 are vulnerable to reflected XSS. | 6.1 |
| 2016-10-28 | CVE-2016-8581 | Cross-site Scripting vulnerability in Alienvault products A persistent XSS vulnerability exists in the User-Agent header of the login process of AlienVault OSSIM and USM before 5.3.2 that allows an attacker to steal session IDs of logged in users when the current sessions are viewed by an administrator. | 6.1 |
| 2016-10-28 | CVE-2016-1423 | Cross-site Scripting vulnerability in Cisco Email Security Appliance A vulnerability in the display of email messages in the Messages in Quarantine (MIQ) view in Cisco AsyncOS for Cisco Email Security Appliance (ESA) could allow an unauthenticated, remote attacker to cause a user to click a malicious link in the MIQ view. | 6.1 |
| 2016-10-27 | CVE-2016-1000121 | Cross-site Scripting vulnerability in Huge-It Slider 1.0.9 XSS and SQLi in Huge IT Joomla Slider v1.0.9 extension | 4.8 |
| 2016-10-27 | CVE-2016-1598 | Cross-site Scripting vulnerability in Novell products XSS in NetIQ IDM 4.5 Identity Applications before 4.5.4 allows attackers able to change their username to inject arbitrary HTML code into the Role Assignment administrator HTML pages. | 5.4 |
| 2016-10-27 | CVE-2016-1592 | Cross-site Scripting vulnerability in Netiq Identity Manager 4.5 XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the nrfEntitlementReport.do CGI. | 6.1 |
| 2016-10-27 | CVE-2015-0787 | Cross-site Scripting vulnerability in Netiq Identity Manager 4.5 XSS in NetIQ Designer for Identity Manager before 4.5.3 allows remote attackers to inject arbitrary HTML code via the accessMgrDN value of the forgotUser.do CGI. | 6.1 |
| 2016-10-26 | CVE-2016-8506 | Cross-site Scripting vulnerability in Yandex Browser XSS in Yandex Browser Translator in Yandex browser for desktop for versions from 15.12 to 16.2 could be used by remote attacker for evaluation arbitrary javascript code. | 6.1 |
| 2016-10-26 | CVE-2016-8505 | Cross-site Scripting vulnerability in Yandex Yandex.Browser 16.4.0.94.4 XSS in Yandex Browser BookReader in Yandex browser for desktop for versions before 16.6. | 6.1 |
| 2016-10-25 | CVE-2016-5512 | Cross-site Scripting vulnerability in Oracle Agile Product Lifecycle Management Framework 9.3.4/9.3.5 Unspecified vulnerability in the Oracle Agile PLM component in Oracle Supply Chain Products Suite 9.3.4 and 9.3.5 allows remote attackers to affect confidentiality and integrity via unknown vectors, a different vulnerability than CVE-2016-5521. | 6.1 |