Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-20 | CVE-2017-1146 | Cross-site Scripting vulnerability in IBM Content Navigator 2.0.3/3.0.0 IBM Content Navigator 2.0.3 and 3.0.0 are vulnerable to cross-site scripting. | 5.4 |
| 2017-03-20 | CVE-2016-9696 | Cross-site Scripting vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to HTML injection. | 5.4 |
| 2017-03-20 | CVE-2016-9694 | Cross-site Scripting vulnerability in IBM Rational Rhapsody Design Manager IBM Rhapsody DM 4.0, 5.0, and 6.0 is vulnerable to cross-site scripting. | 5.4 |
| 2017-03-19 | CVE-2016-8855 | Cross-site Scripting vulnerability in Sitecore Experience Platform 8.1 Cross-Site Scripting (XSS) in "/sitecore/client/Applications/List Manager/Taskpages/Contact list" in Sitecore Experience Platform 8.1 rev. | 6.1 |
| 2017-03-17 | CVE-2017-3874 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager 11.5(1.11007.2) A vulnerability in the web framework of Cisco Unified Communications Manager (CallManager) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack. | 5.4 |
| 2017-03-17 | CVE-2017-3872 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A cross-site scripting (XSS) filter bypass vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct XSS attacks against a user of an affected device. | 6.1 |
| 2017-03-17 | CVE-2017-3868 | Cross-site Scripting vulnerability in Cisco Unified Computing System Director 6.0(0.0) A vulnerability in the web-based management interface of Cisco UCS Director could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2017-03-17 | CVE-2017-3866 | Cross-site Scripting vulnerability in Cisco Prime Service Catalog 11.1.2/11.1Base A vulnerability in the web framework code of Cisco Prime Service Catalog could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. | 6.1 |
| 2017-03-17 | CVE-2015-3883 | Cross-site Scripting vulnerability in Qdpm 8.3 Multiple cross-site scripting (XSS) vulnerabilities in qdPM 8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) search[keywords] parameter to index.php/users page; the (2) "Name of application" on index.php/configuration; (3) a new project name on index.php/projects; (4) the task name on index.php/tasks; (5) ticket name on index.php/tickets; (6) discussion name on index.php/discussions; (7) report name on index.php/projectReports; or (8) event name on index.php/scheduler/personal. | 6.1 |
| 2017-03-17 | CVE-2014-8707 | Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.2 Cross-site scripting (XSS) vulnerability in TinyMCE in Pluck CMS 4.7.2 allows remote authenticated users to inject arbitrary web script or HTML via the "edit HTML source" option. | 5.4 |