Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2015-09-26 | CVE-2015-6475 | Cross-site Scripting vulnerability in IBC Solar Danfoss TLX Pro+ and Servemaster Tlp+ Multiple cross-site scripting (XSS) vulnerabilities in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2015-09-26 | CVE-2015-4541 | Cross-site Scripting vulnerability in EMC RSA Archer GRC 5.5.0/5.5.1/5.5.2 Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Archer GRC 5.x before 5.5.3 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2015-09-26 | CVE-2015-4540 | Cross-site Scripting vulnerability in EMC RSA Identity Management and Governance Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 6.8.1 P18 and 6.9.x before 6.9.1 P6 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2015-09-26 | CVE-2015-4539 | Cross-site Scripting vulnerability in EMC RSA Identity Management and Governance Multiple cross-site scripting (XSS) vulnerabilities in EMC RSA Identity Management & Governance (IMG) before 7.0.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2015-09-21 | CVE-2015-7307 | Cross-site Scripting vulnerability in Drupaldise CMS Updater 7.X1.0/7.X1.1/7.X1.2 Cross-site scripting (XSS) vulnerability in the CMS Updater module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving the configuration page. | 4.3 |
| 2015-09-21 | CVE-2015-7304 | Cross-site Scripting vulnerability in Drupaljedi Amocrm 7.X1.0/7.X1.1 Cross-site scripting (XSS) vulnerability in the amoCRM module 7.x-1.x before 7.x-1.2 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified HTTP POST data. | 2.6 |
| 2015-09-21 | CVE-2015-6938 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the file browser in notebook/notebookapp.py in IPython Notebook before 3.2.2 and Jupyter Notebook 4.0.x before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via a folder name. | 4.3 |
| 2015-09-21 | CVE-2015-6238 | Cross-site Scripting vulnerability in Sumome Google Analyticator Multiple cross-site scripting (XSS) vulnerabilities in the Google Analyticator plugin before 6.4.9.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) ga_adsense, (2) ga_admin_disable_DimentionIndex, (3) ga_downloads_prefix, (4) ga_downloads, or (5) ga_outbound_prefix parameter in the google-analyticator page to wp-admin/admin.php. | 4.3 |
| 2015-09-21 | CVE-2015-5992 | Cross-site Scripting vulnerability in Philippine Long Distance Telephone Kasda Kw58293 Firmware and Speedsurf 504An Firmware Cross-site scripting (XSS) vulnerability in form2WlanSetup.cgi on Philippine Long Distance Telephone (PLDT) SpeedSurf 504AN devices with firmware GAN9.8U26-4-TX-R6B018-PH.EN and Kasda KW58293 devices allows remote attackers to inject arbitrary web script or HTML via the ssid parameter. | 4.3 |
| 2015-09-20 | CVE-2015-5691 | Cross-site Scripting vulnerability in Symantec web Gateway Multiple cross-site scripting (XSS) vulnerabilities in PHP scripts in the management console on Symantec Web Gateway (SWG) appliances with software before 5.2.2 DB 5.0.0.1277 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors, as demonstrated an attack against admin_messages.php. | 4.3 |