Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-31 | CVE-2016-6031 | Cross-site Scripting vulnerability in IBM Rational Quality Manager IBM Rational Quality Manager 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. | 5.4 |
| 2017-03-31 | CVE-2016-6022 | Cross-site Scripting vulnerability in IBM Rational Quality Manager IBM Quality Manager (RQM) 4.0, 5.0, and 6.0 are vulnerable to cross-site scripting. | 5.4 |
| 2017-03-31 | CVE-2016-6209 | Cross-site Scripting vulnerability in Nagios Cross-site scripting (XSS) vulnerability in Nagios. | 6.1 |
| 2017-03-31 | CVE-2017-7363 | Cross-site Scripting vulnerability in Lucidcrew Pixie 1.04 Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. | 6.1 |
| 2017-03-31 | CVE-2017-7362 | Cross-site Scripting vulnerability in Lucidcrew Pixie 1.04 Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. | 6.1 |
| 2017-03-31 | CVE-2017-7361 | Cross-site Scripting vulnerability in Lucidcrew Pixie 1.04 Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. | 6.1 |
| 2017-03-31 | CVE-2017-7360 | Cross-site Scripting vulnerability in Lucidcrew Pixie 1.04 Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. | 6.1 |
| 2017-03-31 | CVE-2017-7359 | Cross-site Scripting vulnerability in Lucidcrew Pixie 1.04 Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. | 6.1 |
| 2017-03-31 | CVE-2017-7309 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the MantisBT Configuration Report page (adm_config_report.php) allows remote attackers to inject arbitrary code (if CSP settings permit it) through a crafted 'config_option' parameter. | 4.8 |
| 2017-03-31 | CVE-2017-7241 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the MantisBT Move Attachments page (move_attachments_page.php, part of admin tools) allows remote attackers to inject arbitrary code through a crafted 'type' parameter, if Content Security Protection (CSP) settings allows it. | 4.8 |