Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2015-09-09 CVE-2015-2531 Cross-site Scripting vulnerability in Microsoft Lync Server and Skype for Business Server
Cross-site scripting (XSS) vulnerability in the jQuery engine in Microsoft Lync Server 2013 and Skype for Business Server 2015 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka "Skype for Business Server and Lync Server XSS Information Disclosure Vulnerability."
network
microsoft CWE-79
4.3
2015-09-09 CVE-2015-2522 Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation 2013
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Foundation 2013 SP1 allows remote authenticated users to inject arbitrary web script or HTML via crafted content, aka "Microsoft SharePoint XSS Spoofing Vulnerability."
network
microsoft CWE-79
3.5
2015-09-07 CVE-2015-5625 Cross-site Scripting vulnerability in Opendocman
Cross-site scripting (XSS) vulnerability in OpenDocMan before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via the redirection parameter.
network
opendocman CWE-79
4.3
2015-09-07 CVE-2015-2989 Cross-site Scripting vulnerability in Lemon-S PHP Twit BBS
Cross-site scripting (XSS) vulnerability in index.php in LEMON-S PHP Twit BBS allows remote attackers to inject arbitrary web script or HTML via the imagetitle parameter.
4.3
2015-09-05 CVE-2015-2986 Cross-site Scripting vulnerability in Rakuto Rktsns2 0.2.2B
Cross-site scripting (XSS) vulnerability in rakuto.net hitSuji (rktSNS2) 0.2.2b allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
rakuto CWE-79
4.3
2015-09-05 CVE-2015-2985 Cross-site Scripting vulnerability in Guide-Park BBS X102 1.03
Cross-site scripting (XSS) vulnerability in guide-park.com BBS X102 1.03 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
guide-park CWE-79
4.3
2015-09-04 CVE-2015-6810 Cross-site Scripting vulnerability in Invisionpower Invision Power Board
Cross-site scripting (XSS) vulnerability in Invision Power Services IPS Community Suite (aka Invision Power Board, IPB, or Power Board) 4.x before 4.0.12.1 allows remote authenticated users to inject arbitrary web script or HTML via the event_location[address] array parameter to calendar/submit/.
3.5
2015-09-04 CVE-2015-6809 Cross-site Scripting vulnerability in Bedita
Multiple cross-site scripting (XSS) vulnerabilities in BEdita before 3.6.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cfg[projectName] parameter to index.php/admin/saveConfig, the (2) data[stats_provider_url] parameter to index.php/areas/saveArea, or the (3) data[description] parameter to index.php/areas/saveSection.
network
bedita CWE-79
4.3
2015-09-04 CVE-2015-6808 Cross-site Scripting vulnerability in Getlevelten Spotlight
Cross-site scripting (XSS) vulnerability in the Spotlight module 7.x-1.x before 7.x-1.5 for Drupal allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via a node title.
3.5
2015-09-04 CVE-2015-6807 Cross-site Scripting vulnerability in Mass Contact Project Mass Contact
Cross-site scripting (XSS) vulnerability in the Mass Contact module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with the "administer mass contact" permission to inject arbitrary web script or HTML via a category label.
network
high complexity
mass-contact-project CWE-79
2.1