Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-08 | CVE-2015-8376 | Cross-site Scripting vulnerability in Getsymphony Symphony 2.6.3 Multiple cross-site scripting (XSS) vulnerabilities in Symphony CMS 2.6.3 allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) Navigation Group, or (3) Label parameter to blueprints/sections/edit/1. | 6.1 |
| 2016-01-08 | CVE-2014-7151 | Cross-site Scripting vulnerability in Nex-Forms Lite Project Nex-Forms Lite 2.1.0 Multiple cross-site scripting (XSS) vulnerabilities in the NEX-Forms Lite plugin 2.1.0 for WordPress allow remote attackers to inject arbitrary web script or HTML via the form_fields parameter in a (1) do_edit or (2) do_insert action to wp-admin/admin-ajax.php. | 6.1 |
| 2016-01-08 | CVE-2014-6444 | Cross-site Scripting vulnerability in Titan Framework Project Titan Framework 1.5 Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin before 1.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to iframe-googlefont-preview.php or the (2) text parameter to iframe-font-preview.php. | 6.1 |
| 2016-01-08 | CVE-2015-8759 | Cross-site Scripting vulnerability in Typo3 Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field. | 5.4 |
| 2016-01-08 | CVE-2015-8758 | Cross-site Scripting vulnerability in Typo3 Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors. | 5.4 |
| 2016-01-08 | CVE-2015-8757 | Cross-site Scripting vulnerability in Typo3 Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation. | 6.1 |
| 2016-01-08 | CVE-2015-8756 | Cross-site Scripting vulnerability in Typo3 Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-01-08 | CVE-2015-8755 | Cross-site Scripting vulnerability in Typo3 Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors. | 5.4 |
| 2016-01-08 | CVE-2015-6434 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2) Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCux64856. | 6.1 |
| 2016-01-05 | CVE-2015-5447 | Cross-site Scripting vulnerability in HP Storeonce Backup System Software 3.13.0 Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |