Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-30 | CVE-2016-1136 | Cross-site Scripting vulnerability in Kddi Home Spot Cube Firmware 2.0 Cross-site scripting (XSS) vulnerability on KDDI HOME SPOT CUBE devices before 2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-01-30 | CVE-2016-1488 | Cross-site Scripting vulnerability in Siemens Ozw672 Firmware and Ozw772 Firmware Cross-site scripting (XSS) vulnerability in the login form in the integrated web server on Siemens OZW OZW672 devices before 6.00 and OZW772 devices before 6.00 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |
| 2016-01-30 | CVE-2016-1304 | Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009) Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596. | 6.1 |
| 2016-01-29 | CVE-2015-8793 | Cross-site Scripting vulnerability in Roundcube Webmail Cross-site scripting (XSS) vulnerability in program/include/rcmail.php in Roundcube before 1.0.6 and 1.1.x before 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the _mbox parameter in a mail task to the default URL, a different vulnerability than CVE-2011-2937. | 6.1 |
| 2016-01-27 | CVE-2016-1300 | Cross-site Scripting vulnerability in Cisco Unity Connection 10.5(2.3009) Cross-site scripting (XSS) vulnerability in Cisco Unity Connection (UC) 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCux82582. | 6.1 |
| 2016-01-27 | CVE-2016-0209 | Cross-site Scripting vulnerability in IBM Websphere Portal 8.5.0.0 Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.5.0 before CF09 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-01-27 | CVE-2015-7439 | Cross-site Scripting vulnerability in IBM products Cross-site scripting (XSS) vulnerability in InfoSphere Data Architect (IDA), as distributed in IBM Rational Software Architect 8.5 through 9.5, Rational Software Architect for WebSphere Software (RSA4WS) 8.5 through 9.5, and Rational Software Architect RealTime (RSART) 8.5 through 9.5, allows remote attackers to inject arbitrary web script or HTML via a crafted URL. | 6.1 |
| 2016-01-26 | CVE-2016-1926 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp. | 6.1 |
| 2016-01-26 | CVE-2016-1298 | Cross-site Scripting vulnerability in Cisco Unified Contact Center Express Multiple cross-site scripting (XSS) vulnerabilities in Cisco Unified Contact Center Express 10.0(1), 10.5(1), 10.6(1), and 11.0(1) allow remote attackers to inject arbitrary web script or HTML via vectors related to permalinks, aka Bug ID CSCux92033. | 6.1 |
| 2016-01-26 | CVE-2015-6337 | Cross-site Scripting vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module 1.0.10/1.0Ga Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.0.10 allows remote attackers to inject arbitrary web script or HTML via a crafted hostname in an SNMP response, aka Bug ID CSCuw47238. | 6.1 |