Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-23 | CVE-2016-5756 | Cross-site Scripting vulnerability in Netiq Access Manager 4.1/4.2 Multiple components of the web tools in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 were vulnerable to Reflected Cross Site Scripting attacks which could be used to hijack user sessions: nps/servlet/frameservice, nps/servlet/webacc, roma/admin/cntl, roma/jsp/admin/appliance/devicedetail_edit.jsp, roma/jsp/admin/managementip/mgmt_ip_details_frameset.jsp, roma/jsp/admin/managementip/mgmt_ip_details_middleframe.jsp, roma/jsp/volsc/monitoring/appliance.jsp, and roma/jsp/volsc/monitoring/graph.jsp. | 6.1 |
| 2017-03-23 | CVE-2016-5751 | Cross-site Scripting vulnerability in Netiq Access Manager 4.1/4.2 An unfiltered finalizer target URL in the SAML processing feature in Identity Server in NetIQ Access Manager 4.1 before 4.1.2 HF1 and 4.2 before 4.2.2 could be used to trigger XSS and leak authentication credentials. | 6.1 |
| 2017-03-22 | CVE-2017-5673 | Cross-site Scripting vulnerability in Kunena 5.0.2/5.0.3/5.0.4 In the Kunena extension 5.0.2 through 5.0.4 for Joomla!, the forum message subject (aka topic subject) accepts JavaScript, leading to XSS. | 6.1 |
| 2017-03-22 | CVE-2017-7222 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in MantisBT before 2.1.1 allows remote attackers to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by modifying 'window_title' in the application configuration. | 6.1 |
| 2017-03-21 | CVE-2017-7215 | Cross-site Scripting vulnerability in Misp Project Misp Cross site scripting in some view elements in the index filter tool in app/webroot/js/misp2.4.68.js and the organisation landing page in app/View/Organisations/ajax/landingpage.ctp of MISP before 2.4.69 allows remote attackers to inject arbitrary web script or HTML. | 6.1 |
| 2017-03-21 | CVE-2017-7205 | Cross-site Scripting vulnerability in Gamepanelx Gamepanelx-V3 3.0.12 A Cross-Site Scripting (XSS) was discovered in GamePanelX-V3 3.0.12. | 6.1 |
| 2017-03-21 | CVE-2017-7204 | Cross-site Scripting vulnerability in Imdbphp Project Imdbphp 5.1.1 A Cross-Site Scripting (XSS) was discovered in imdbphp 5.1.1. | 6.1 |
| 2017-03-21 | CVE-2017-7203 | Cross-site Scripting vulnerability in Zoneminder 1.30.2 A Cross-Site Scripting (XSS) was discovered in ZoneMinder before 1.30.2. | 6.1 |
| 2017-03-21 | CVE-2017-7202 | Cross-site Scripting vulnerability in Slims Slims7 Cendana 62B8Ee8B51Be89Fc65E0D59B01C3724737F9Da20 Multiple Cross-Site Scripting (XSS) were discovered in SLiMS 7 Cendana before 2017-03-16. | 6.1 |
| 2017-03-20 | CVE-2016-4930 | Cross-site Scripting vulnerability in Juniper Junos Space Cross-site scripting (XSS) vulnerability in Junos Space before 15.2R2 allows remote attackers to steal sensitive information or perform certain administrative actions. | 6.1 |