Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-24 | CVE-2017-7255 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.1.6 XSS exists in the CMS Made Simple (CMSMS) 2.1.6 "Content-->News-->Add Article" feature via the m1_title parameter. | 5.4 |
| 2017-03-23 | CVE-2017-7251 | Cross-site Scripting vulnerability in Piengine PI 2.5.0 A Cross-Site Scripting (XSS) was discovered in pi-engine/pi 2.5.0. | 6.1 |
| 2017-03-23 | CVE-2017-7250 | Cross-site Scripting vulnerability in Gazelle Project Gazelle A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. | 6.1 |
| 2017-03-23 | CVE-2017-7249 | Cross-site Scripting vulnerability in Gazelle Project Gazelle Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. | 6.1 |
| 2017-03-23 | CVE-2017-7248 | Cross-site Scripting vulnerability in Gazelle Project Gazelle A Cross-Site Scripting (XSS) was discovered in Gazelle before 2017-03-19. | 6.1 |
| 2017-03-23 | CVE-2017-7247 | Cross-site Scripting vulnerability in Gazelle Project Gazelle Multiple Cross-Site Scripting (XSS) were discovered in Gazelle before 2017-03-19. | 6.1 |
| 2017-03-23 | CVE-2015-8687 | Cross-site Scripting vulnerability in Alcatel-Lucent Motive Home Device Manager 4.1.10.5 Multiple cross-site scripting (XSS) vulnerabilities in the Management Console in Alcatel-Lucent Motive Home Device Manager (HDM) before 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceTypeID parameter to DeviceType/getDeviceType.do; the (2) policyActionClass or (3) policyActionName parameter to PolicyAction/findPolicyActions.do; the deviceID parameter to (4) SingleDeviceMgmt/getDevice.do or (5) device/editDevice.do; the operation parameter to (6) ajax.do or (7) xmlHttp.do; or the (8) policyAction, (9) policyClass, or (10) policyName parameter to policy/findPolicies.do. | 5.4 |
| 2017-03-23 | CVE-2015-8622 | Cross-site Scripting vulnerability in Mediawiki Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named "javascript:alert('XSS!')." | 6.1 |
| 2017-03-23 | CVE-2017-7242 | Cross-site Scripting vulnerability in Slims Slims7 Cendana 20170323/62B8Ee8B51Be89Fc65E0D59B01C3724737F9Da20 Multiple Cross-Site Scripting (XSS) were discovered in admin/modules components in SLiMS 7 Cendana through 2017-03-23: the keywords parameter to bibliography/checkout_item.php, bibliography/dl_print.php, bibliography/item.php, bibliography/item_barcode_generator.php, bibliography/printed_card.php, circulation/loan_rules.php, master_file/author.php, master_file/coll_type.php, and master_file/doc_language.php and the quickReturnID field to circulation/ajax_action.php. | 6.1 |
| 2017-03-23 | CVE-2016-9169 | Cross-site Scripting vulnerability in Novell Groupwise 2014 A reflected XSS vulnerability exists in the web console of the Document Viewer Agent in Novell GroupWise before 2014 R2 Support Pack 1 Hot Patch 2 that may enable a remote attacker to execute JavaScript in the context of a valid user's browser session by getting the user to click on a specially crafted link. | 6.1 |