Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2015-09-11 CVE-2015-5630 Cross-site Scripting vulnerability in Ntt-Bp Japan Connected-Free Wi-Fi
Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID.
network
ntt-bp CWE-79
4.3
4.3
2015-09-11 CVE-2015-6921 Cross-site Scripting vulnerability in Zendesk Feedback TAB 7.X1.X
Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inject arbitrary web script or HTML via unspecified vectors.
network
high complexity
zendesk CWE-79
2.6
2.6
2015-09-11 CVE-2015-6920 Cross-site Scripting vulnerability in Sourceafrica Project Sourceafrica 0.1.3
Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. 		4.3
4.3
2015-09-11 CVE-2015-6919 Cross-site Scripting vulnerability in Googlesearch Project Googlesearch 3.0.2
Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) (com_googlesearch_cse) component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q parameter to index.php. 		4.3
4.3
2015-09-11 CVE-2015-6913 Cross-site Scripting vulnerability in Synology Download Station
Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/downloadman.cgi.
network
synology CWE-79
4.3
4.3
2015-09-11 CVE-2015-6909 Cross-site Scripting vulnerability in Synology Download Station
Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent file.
network
synology CWE-79
4.3
4.3
2015-09-11 CVE-2015-6466 Cross-site Scripting vulnerability in Moxa Eds-405A Firmware and Eds-408A Firmware
Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field.
network
moxa CWE-79
4.3
4.3
2015-09-11 CVE-2015-6584 Cross-site Scripting vulnerability in Sprymedia Datatables
Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php.
network
sprymedia CWE-79
4.3
4.3
2015-09-09 CVE-2015-2544 Cross-site Scripting vulnerability in Microsoft Exchange Server 2013
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability."
network
microsoft CWE-79
4.3
4.3
2015-09-09 CVE-2015-2543 Cross-site Scripting vulnerability in Microsoft Exchange Server 2013
Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability."
network
microsoft CWE-79
4.3
4.3