Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2015-09-11 | CVE-2015-5630 | Cross-site Scripting vulnerability in Ntt-Bp Japan Connected-Free Wi-Fi Cross-site scripting (XSS) vulnerability in the NTT Broadband Platform Japan Connected-free Wi-Fi application 1.6.0 and earlier for Android and 1.0.2 and earlier for iOS allows remote attackers to inject arbitrary web script or HTML via a crafted SSID. | 4.3 |
2015-09-11 | CVE-2015-6921 | Cross-site Scripting vulnerability in Zendesk Feedback TAB 7.X1.X Cross-site scripting (XSS) vulnerability in the Zendesk Feedback Tab module 7.x-1.x before 7.x-1.1 for Drupal allows remote administrators with the "Configure Zendesk Feedback Tab" permission to inject arbitrary web script or HTML via unspecified vectors. | 2.6 |
2015-09-11 | CVE-2015-6920 | Cross-site Scripting vulnerability in Sourceafrica Project Sourceafrica 0.1.3 Cross-site scripting (XSS) vulnerability in js/window.php in the sourceAFRICA plugin 0.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the wpbase parameter. | 4.3 |
2015-09-11 | CVE-2015-6919 | Cross-site Scripting vulnerability in Googlesearch Project Googlesearch 3.0.2 Cross-site scripting (XSS) vulnerability in the googleSearch (CSE) (com_googlesearch_cse) component 3.0.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the q parameter to index.php. | 4.3 |
2015-09-11 | CVE-2015-6913 | Cross-site Scripting vulnerability in Synology Download Station Cross-site scripting (XSS) vulnerability in the "Create download task via URL" feature in Synology Download Station before 3.5-2967 allows remote attackers to inject arbitrary web script or HTML via the urls parameter in an add_url_task action to dlm/downloadman.cgi. | 4.3 |
2015-09-11 | CVE-2015-6909 | Cross-site Scripting vulnerability in Synology Download Station Cross-site scripting (XSS) vulnerability in the "Create download task via file upload" feature in Synology Download Station before 3.5-2962 allows remote attackers to inject arbitrary web script or HTML via the name element in the Info dictionary in a torrent file. | 4.3 |
2015-09-11 | CVE-2015-6466 | Cross-site Scripting vulnerability in Moxa Eds-405A Firmware and Eds-408A Firmware Cross-site scripting (XSS) vulnerability in the Diagnosis Ping feature in the administrative web interface on Moxa EDS-405A and EDS-408A switches with firmware before 3.6 allows remote attackers to inject arbitrary web script or HTML via an unspecified field. | 4.3 |
2015-09-11 | CVE-2015-6584 | Cross-site Scripting vulnerability in Sprymedia Datatables Cross-site scripting (XSS) vulnerability in the DataTables plugin 1.10.8 and earlier for jQuery allows remote attackers to inject arbitrary web script or HTML via the scripts parameter to media/unit_testing/templates/6776.php. | 4.3 |
2015-09-09 | CVE-2015-2544 | Cross-site Scripting vulnerability in Microsoft Exchange Server 2013 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 and SP1 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability." | 4.3 |
2015-09-09 | CVE-2015-2543 | Cross-site Scripting vulnerability in Microsoft Exchange Server 2013 Cross-site scripting (XSS) vulnerability in Outlook Web Access (OWA) in Microsoft Exchange Server 2013 Cumulative Update 8 and 9 allows remote attackers to inject arbitrary web script or HTML via a crafted e-mail message, aka "Exchange Spoofing Vulnerability." | 4.3 |