Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-09-09 | CVE-2015-2531 | Cross-site Scripting vulnerability in Microsoft Lync Server and Skype for Business Server Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability." | 4.3 |
2015-09-09 | CVE-2015-2522 | Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation 2013 Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content, aka "Microsoft SharePoint XSS Spoofing Vulnerability." | 3.5 |
2015-09-07 | CVE-2015-5625 | Cross-site Scripting vulnerability in Opendocman Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter. | 4.3 |
2015-09-07 | CVE-2015-2989 | Cross-site Scripting vulnerability in Lemon-S PHP Twit BBS Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Twit BBS allows remote attackers to inject arbitrary web script or HTML via the imagetitle parameter. | 4.3 |
2015-09-05 | CVE-2015-2986 | Cross-site Scripting vulnerability in Rakuto Rktsns2 0.2.2B Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji (rktSNS2) 0.2.2b allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-09-05 | CVE-2015-2985 | Cross-site Scripting vulnerability in Guide-Park BBS X102 1.03 Cross-site scripting (XSS) vulnerability in guide-park.com BBS X102 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2015-09-04 | CVE-2015-6810 | Cross-site Scripting vulnerability in Invisionpower Invision Power Board Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/. | 3.5 |
2015-09-04 | CVE-2015-6809 | Cross-site Scripting vulnerability in Bedita Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection. | 4.3 |
2015-09-04 | CVE-2015-6808 | Cross-site Scripting vulnerability in Getlevelten Spotlight Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title. | 3.5 |
2015-09-04 | CVE-2015-6807 | Cross-site Scripting vulnerability in Mass Contact Project Mass Contact Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact" permission to inject arbitrary web script or HTML via a category label. | 2.1 |