Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-01-18 CVE-2016-7981 Cross-site Scripting vulnerability in Spip
Cross-site scripting (XSS) vulnerability in valider_xml.php in SPIP 3.1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the var_url parameter in a valider_xml action.
network
low complexity
spip CWE-79
6.1
6.1
2017-01-18 CVE-2016-7150 Cross-site Scripting vulnerability in B2Evolution
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name.
network
low complexity
b2evolution CWE-79
5.4
5.4
2017-01-18 CVE-2016-7149 Cross-site Scripting vulnerability in B2Evolution
Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function.
network
low complexity
b2evolution CWE-79
6.1
6.1
2017-01-18 CVE-2015-8684 Cross-site Scripting vulnerability in Exponentcms Exponent CMS
Exponent CMS before 2.3.7 does not properly restrict the types of files that can be uploaded, which allows remote attackers to conduct cross-site scripting (XSS) attacks and possibly have other unspecified impact as demonstrated by uploading a file with an .html extension, then accessing it via the elFinder functionality.
network
low complexity
exponentcms CWE-79
6.1
6.1
2017-01-18 CVE-2015-8667 Cross-site Scripting vulnerability in Exponentcms Exponent CMS
Cross-site scripting (XSS) vulnerability in Reset Your Password module in Exponent CMS before 2.3.5 allows remote attackers to inject arbitrary web script or HTML via the Username/Email.
network
low complexity
exponentcms CWE-79
6.1
6.1
2017-01-17 CVE-2017-5516 Cross-site Scripting vulnerability in Metalgenix Genixcms
Multiple cross-site scripting (XSS) vulnerabilities in the user forms in GeniXCMS through 0.0.8 allow remote attackers to inject arbitrary web script or HTML via crafted parameters.
network
low complexity
metalgenix CWE-79
6.1
6.1
2017-01-17 CVE-2017-5515 Cross-site Scripting vulnerability in Metalgenix Genixcms
Cross-site scripting (XSS) vulnerability in the user prompt function in GeniXCMS through 0.0.8 allows remote authenticated users to inject arbitrary web script or HTML via tag names.
network
low complexity
metalgenix CWE-79
5.4
5.4
2017-01-15 CVE-2017-5494 Cross-site Scripting vulnerability in B2Evolution
Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame.
network
low complexity
b2evolution CWE-79
5.4
5.4
2017-01-15 CVE-2017-5490 Cross-site Scripting vulnerability in Wordpress
Cross-site scripting (XSS) vulnerability in the theme-name fallback functionality in wp-includes/class-wp-theme.php in WordPress before 4.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted directory name of a theme, related to wp-admin/includes/class-theme-installer-skin.php.
network
low complexity
wordpress CWE-79
6.1
6.1
2017-01-15 CVE-2017-5488 Cross-site Scripting vulnerability in Wordpress
Multiple cross-site scripting (XSS) vulnerabilities in wp-admin/update-core.php in WordPress before 4.7.1 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) version header of a plugin.
network
low complexity
wordpress CWE-79
6.1
6.1