Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-03-07 | CVE-2016-7140 | Cross-site Scripting vulnerability in Plone Multiple cross-site scripting (XSS) vulnerabilities in the ZMI page in Zope2 in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2017-03-07 | CVE-2016-7139 | Cross-site Scripting vulnerability in Plone Cross-site scripting (XSS) vulnerability in an unspecified page template in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. | 6.1 |
| 2017-03-07 | CVE-2016-7138 | Cross-site Scripting vulnerability in Plone Cross-site scripting (XSS) vulnerability in the URL checking infrastructure in Plone CMS 5.x through 5.0.6, 4.x through 4.3.11, and 3.3.x through 3.3.6 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |
| 2017-03-07 | CVE-2016-7136 | Cross-site Scripting vulnerability in Plone z3c.form in Plone CMS 5.x through 5.0.6 and 4.x through 4.3.11 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted GET request. | 6.1 |
| 2017-03-07 | CVE-2016-4948 | Cross-site Scripting vulnerability in Cloudera Manager Multiple cross-site scripting (XSS) vulnerabilities in Cloudera Manager 5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) Template Name field when renaming a template; (2) KDC Server host, (3) Kerberos Security Realm, (4) Kerberos Encryption Types, (5) Advanced Configuration Snippet (Safety Valve) for [libdefaults] section of krb5.conf, (6) Advanced Configuration Snippet (Safety Valve) for the Default Realm in krb5.conf, (7) Advanced Configuration Snippet (Safety Valve) for remaining krb5.conf, or (8) Active Directory Account Prefix fields in the Kerberos wizard; or (9) classicWizard parameter to cmf/cloudera-director/redirect. | 6.1 |
| 2017-03-07 | CVE-2016-4946 | Cross-site Scripting vulnerability in Cloudera HUE 3.9.0 Multiple cross-site scripting (XSS) vulnerabilities in Cloudera HUE 3.9.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) First name or (2) Last name field in the HUE Users page. | 6.1 |
| 2017-03-07 | CVE-2016-9148 | Cross-site Scripting vulnerability in CA Service Desk Manager 12.9/14.1 Cross-site scripting (XSS) vulnerability in CA Service Desk Manager (formerly CA Service Desk) 12.9 and 14.1 allows remote attackers to inject arbitrary web script or HTML via the QBE.EQ.REF_NUM parameter. | 6.1 |
| 2017-03-06 | CVE-2017-5197 | Cross-site Scripting vulnerability in Silverstripe There is XSS in SilverStripe CMS before 3.4.4 and 3.5.x before 3.5.2. | 6.1 |
| 2017-03-06 | CVE-2017-6503 | Cross-site Scripting vulnerability in Qbittorrent WebUI in qBittorrent before 3.3.11 did not escape many values, which could potentially lead to XSS. | 6.1 |
| 2017-03-05 | CVE-2017-6446 | Cross-site Scripting vulnerability in Dotclear 2.11.2 XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters. | 6.1 |