Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-16 | CVE-2016-1293 | Cross-site Scripting vulnerability in Cisco Firesight System Software 6.0.0/6.0.1 Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414. | 6.1 |
| 2016-01-15 | CVE-2016-1913 | Cross-site Scripting vulnerability in Redhen Project Redhen Multiple cross-site scripting (XSS) vulnerabilities in the Redhen module 7.x-1.x before 7.x-1.11 for Drupal allow remote authenticated users with certain access to inject arbitrary web script or HTML via unspecified vectors, related to (1) individual contacts, (2) notes, or (3) engagement scores. | 5.4 |
| 2016-01-15 | CVE-2016-1912 | Cross-site Scripting vulnerability in Dolibarr Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 allow remote authenticated users to inject arbitrary web script or HTML via the (1) lastname, (2) firstname, (3) email, (4) job, or (5) signature parameter to htdocs/user/card.php. | 5.4 |
| 2016-01-15 | CVE-2016-1911 | Cross-site Scripting vulnerability in SAP Netweaver 7.40 Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver 7.4 allow remote attackers to inject arbitrary web script or HTML via vectors related to the (1) Runtime Workbench (RWB) or (2) Pmitest servlet in the Process Monitoring Infrastructure (PMI), aka SAP Security Notes 2206793 and 2234918. | 6.1 |
| 2016-01-15 | CVE-2015-8685 | Cross-site Scripting vulnerability in Dolibarr Multiple cross-site scripting (XSS) vulnerabilities in Dolibarr ERP/CRM 3.8.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) external calendar url or (2) the bank name field in the "import external calendar" page. | 6.1 |
| 2016-01-15 | CVE-2015-3948 | Cross-site Scripting vulnerability in Advantech Webaccess Cross-site scripting (XSS) vulnerability in Advantech WebAccess before 8.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-01-13 | CVE-2016-0032 | Cross-site Scripting vulnerability in Microsoft Exchange Server 2013/2016 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, 2013 Cumulative Update 11, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability." | 6.1 |
| 2016-01-13 | CVE-2016-0031 | Cross-site Scripting vulnerability in Microsoft Exchange Server 2016 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0029. | 6.1 |
| 2016-01-13 | CVE-2016-0030 | Cross-site Scripting vulnerability in Microsoft Exchange Server 2013/2016 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 PS1, 2013 Cumulative Update 10, and 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability." | 6.1 |
| 2016-01-13 | CVE-2016-0029 | Cross-site Scripting vulnerability in Microsoft Exchange Server 2016 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2016 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Exchange Spoofing Vulnerability," a different vulnerability than CVE-2016-0031. | 6.1 |