Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-04-21 | CVE-2017-7992 | Cross-site Scripting vulnerability in Heartland Payment Systems Heartland-PHP Heartland Payment Systems Payment Gateway PHP SDK hps/heartland-php v2.8.17 is vulnerable to a reflected XSS in examples/consumer-authentication/cruise.php via the URI, as demonstrated by the cavv parameter. | 6.1 |
| 2017-04-21 | CVE-2017-7409 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os Palo Alto Networks PAN-OS before 7.0.15 has XSS in the GlobalProtect external interface via crafted request parameters, aka PAN-SA-2017-0011 and PAN-70674. | 6.1 |
| 2017-04-20 | CVE-2017-6618 | Cross-site Scripting vulnerability in Cisco Integrated Management Controller Supervisor 3.0(1C) A vulnerability in the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. | 5.4 |
| 2017-04-20 | CVE-2017-6611 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2) A vulnerability in the web framework code of Cisco Prime Infrastructure 2.2(2) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. | 6.1 |
| 2017-04-20 | CVE-2016-9980 | Cross-site Scripting vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-04-20 | CVE-2016-9979 | Cross-site Scripting vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 5.2, 6.0, and 7.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-04-20 | CVE-2017-5183 | Cross-site Scripting vulnerability in Netiq Access Manager 4.2.2/4.3/4.3.1 NetIQ Access Manager 4.2.2 and 4.3.x before 4.3.1+, when configured as an Identity Server, has XSS in the AssertionConsumerServiceURL field of a signed AuthnRequest in a samlp:AuthnRequest document. | 6.1 |
| 2017-04-20 | CVE-2016-1217 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2. | 6.1 |
| 2017-04-20 | CVE-2016-1216 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in the "New appointment" function in Cybozu Garoon before 4.2.2. | 6.1 |
| 2017-04-20 | CVE-2016-1215 | Cross-site Scripting vulnerability in Cybozu Garoon Cross-site scripting (XSS) vulnerability in the "User details" function in Cybozu Garoon before 4.2.2. | 6.1 |