Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-03-13 CVE-2014-3926 Cross-site Scripting vulnerability in LG Project LG
Cross-site scripting (XSS) vulnerability in lg.cgi in Cougar LG 1.9 allows remote attackers to inject arbitrary web script or HTML via the "addr" parameter.
network
low complexity
lg-project CWE-79
6.1
6.1
2017-03-13 CVE-2017-6807 Cross-site Scripting vulnerability in Uninett MOD Auth Mellon
mod_auth_mellon before 0.13.1 is vulnerable to a Cross-Site Session Transfer attack, where a user with access to one web site running on a server can copy their session cookie to a different web site on the same server to get access to that site.
network
low complexity
uninett CWE-79
6.1
6.1
2017-03-13 CVE-2017-5621 Cross-site Scripting vulnerability in Zammad
An issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1.
network
low complexity
zammad CWE-79
6.1
6.1
2017-03-13 CVE-2017-5620 Cross-site Scripting vulnerability in Zammad
An XSS issue was discovered in Zammad before 1.0.4, 1.1.x before 1.1.3, and 1.2.x before 1.2.1.
network
low complexity
zammad CWE-79
6.1
6.1
2017-03-12 CVE-2017-6820 Cross-site Scripting vulnerability in Roundcube Webmail
rcube_utils.php in Roundcube before 1.1.8 and 1.2.x before 1.2.4 is susceptible to a cross-site scripting vulnerability via a crafted Cascading Style Sheets (CSS) token sequence within an SVG element.
network
low complexity
roundcube CWE-79
6.1
6.1
2017-03-12 CVE-2017-6818 Cross-site Scripting vulnerability in Wordpress
In WordPress before 4.7.3 (wp-admin/js/tags-box.js), there is cross-site scripting (XSS) via taxonomy term names.
network
low complexity
wordpress CWE-79
6.1
6.1
2017-03-12 CVE-2017-6817 Cross-site Scripting vulnerability in multiple products
In WordPress before 4.7.3 (wp-includes/embed.php), there is authenticated Cross-Site Scripting (XSS) in YouTube URL Embeds.
network
low complexity
wordpress debian CWE-79
5.4
5.4
2017-03-12 CVE-2017-6814 Cross-site Scripting vulnerability in multiple products
In WordPress before 4.7.3, there is authenticated Cross-Site Scripting (XSS) via Media File Metadata.
network
low complexity
wordpress debian CWE-79
5.4
5.4
2017-03-11 CVE-2017-6812 Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.vote.php (id parameter).
network
low complexity
mangoswebv4-project CWE-79
6.1
6.1
2017-03-11 CVE-2017-6811 Cross-site Scripting vulnerability in Mangoswebv4 Project Mangoswebv4 4.0.8
paintballrefjosh/MaNGOSWebV4 4.0.8 is vulnerable to a reflected XSS in inc/admin/template_files/admin.shop.php (id parameter).
network
low complexity
mangoswebv4-project CWE-79
6.1
6.1