Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2017-03-17	CVE-2014-8703	Cross-site Scripting vulnerability in Wondercms 2014 Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML. network low complexity wondercms CWE-79	6.1
2017-03-17	CVE-2017-6958	Cross-site Scripting vulnerability in Mantisbt Source Integration An XSS vulnerability in the MantisBT Source Integration Plugin (before 2.0.2) search result page allows an attacker to inject arbitrary HTML or JavaScript (if MantisBT's CSP settings permit it) by crafting any valid parameter. network low complexity mantisbt CWE-79	6.1
2017-03-17	CVE-2017-0110	Cross-site Scripting vulnerability in Microsoft Exchange Server 2013 Cross-site scripting (XSS) vulnerability in Microsoft Exchange Outlook Web Access (OWA) allows remote attackers to inject arbitrary web script or HTML via a crafted email or chat client, aka "Microsoft Exchange Server Elevation of Privilege Vulnerability." network low complexity microsoft CWE-79	6.1
2017-03-17	CVE-2017-0107	Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation 2013 Microsoft SharePoint Server fails to sanitize crafted web requests, allowing remote attackers to run cross-script in local security context, aka "Microsoft SharePoint XSS Vulnerability." network low complexity microsoft CWE-79	6.1
2017-03-17	CVE-2017-0055	Cross-site Scripting vulnerability in Microsoft products Microsoft Internet Information Server (IIS) in Windows Vista SP2; Windows Server 2008 SP2 and R2; Windows 7 SP1; Windows 8.1; Windows Server 2012 Gold and R2; Windows RT 8.1; Windows 10 Gold, 1511, and 1607; and Windows Server 2016 allows remote attackers to perform cross-site scripting and run script with local user privileges via a crafted request, aka "Microsoft IIS Server XSS Elevation of Privilege Vulnerability." network low complexity microsoft CWE-79	6.1
2017-03-17	CVE-2017-0017	Cross-site Scripting vulnerability in Microsoft Edge The RegEx class in the XSS filter in Microsoft Edge allows remote attackers to conduct cross-site scripting (XSS) attacks and obtain sensitive information via unspecified vectors, aka "Microsoft Edge Information Disclosure Vulnerability." This vulnerability is different from those described in CVE-2017-0009, CVE-2017-0011, CVE-2017-0065, and CVE-2017-0068. network low complexity microsoft CWE-79	6.1
2017-03-16	CVE-2016-0770	Cross-site Scripting vulnerability in Zahmit Design Connections Business Directory Plugin 8.5.8 Cross-site scripting (XSS) vulnerability in includes/admin/pages/manage.php in the Connections Business Directory plugin before 8.5.9 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s variable. network low complexity zahmit-design CWE-79	6.1
2017-03-16	CVE-2017-6061	Cross-site Scripting vulnerability in SAP Businessobjects Financial Consolidation 10.0.0.1933 Cross-site scripting (XSS) vulnerability in the help component of SAP BusinessObjects Financial Consolidation 10.0.0.1933 allows remote attackers to inject arbitrary web script or HTML via a GET request. network low complexity sap CWE-79	4.7
2017-03-15	CVE-2016-7103	Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function. network low complexity jqueryui oracle fedoraproject netapp redhat juniper debian CWE-79	6.1
2017-03-15	CVE-2017-6443	Cross-site Scripting vulnerability in Epson Tmnet Webconfig 1.00 Cross-site scripting (XSS) vulnerability in EPSON TMNet WebConfig 1.00 allows remote attackers to inject arbitrary web script or HTML via the W_AD1 parameter to Forms/oadmin_1. network low complexity epson CWE-79	6.1