Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-04-13 CVE-2017-7626 Cross-site Scripting vulnerability in Smart Related Articles Project Smart Related Articles 1.1
The "Smart related articles" extension 1.1 for Joomla! has XSS in dialog.php (n_art,type in GET Method).
network
low complexity
smart-related-articles-project CWE-79
6.1
6.1
2017-04-12 CVE-2016-6348 Cross-site Scripting vulnerability in Redhat Resteasy
JacksonJsonpInterceptor in RESTEasy might allow remote attackers to conduct a cross-site script inclusion (XSSI) attack.
network
low complexity
redhat CWE-79
6.1
6.1
2017-04-12 CVE-2016-4897 Cross-site Scripting vulnerability in Webmin Usermin
Multiple cross-site scripting (XSS) vulnerabilities in (1) filter/save_forward.cgi, (2) filter/save.cgi, (3) /man/search.cgi in Usermin before 1.690.
network
low complexity
webmin CWE-79
6.1
6.1
2017-04-12 CVE-2016-4892 Cross-site Scripting vulnerability in Setucocms Project Setucocms
Cross-site scripting vulnerability in SetsucoCMS all versions allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
setucocms-project CWE-79
6.1
6.1
2017-04-12 CVE-2016-2803 Cross-site Scripting vulnerability in Mozilla Bugzilla
Cross-site scripting (XSS) vulnerability in the dependency graphs in Bugzilla 2.16rc1 through 4.4.11, and 4.5.1 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML.
network
low complexity
mozilla CWE-79
6.1
6.1
2017-04-12 CVE-2016-1179 Cross-site Scripting vulnerability in Appleple A-Blog CMS
Cross-site scripting (XSS) vulnerability in the standard template of the comment functionality in appleple a-blog cms 2.6.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML.
network
low complexity
appleple CWE-79
6.1
6.1
2017-04-12 CVE-2015-7562 Cross-site Scripting vulnerability in Teampass
Multiple cross-site scripting (XSS) vulnerabilities in TeamPass 2.1.24 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) label value of an item or (2) name of a role.
network
low complexity
teampass CWE-79
6.1
6.1
2017-04-12 CVE-2016-8719 Cross-site Scripting vulnerability in Moxa Awk-3131A Firmware 1.1
An exploitable reflected Cross-Site Scripting vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless Access Point running firmware 1.1.
network
low complexity
moxa CWE-79
6.1
6.1
2017-04-12 CVE-2017-3125 Cross-site Scripting vulnerability in Fortinet Fortimail
An unauthenticated XSS vulnerability with FortiMail 5.0.0 - 5.2.9 and 5.3.0 - 5.3.8 could allow an attacker to execute arbitrary scripts in the security context of the browser of a victim logged in FortiMail, assuming the victim is social engineered into clicking an URL crafted by the attacker.
network
low complexity
fortinet CWE-79
6.1
6.1
2017-04-12 CVE-2017-0195 Cross-site Scripting vulnerability in Microsoft products
Microsoft Excel Services on Microsoft SharePoint Server 2010 SP1 and SP2, Microsoft Excel Web Apps 2010 SP2, Microsoft Office Web Apps 2010 SP2, Microsoft Office Web Apps Server 2013 SP1 and Office Online Server allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft Office XSS Elevation of Privilege Vulnerability."
network
low complexity
microsoft CWE-79
5.4
5.4