Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-10-03 CVE-2016-7571 Cross-site Scripting vulnerability in Drupal
Cross-site scripting (XSS) vulnerability in Drupal 8.x before 8.1.10 allows remote attackers to inject arbitrary web script or HTML via vectors involving an HTTP exception.
network
low complexity
drupal CWE-79
6.1
6.1
2016-10-03 CVE-2016-5398 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite
Cross-site scripting (XSS) vulnerability in Business Process Editor in Red Hat JBoss BPM Suite before 6.3.3 allows remote authenticated users to inject arbitrary web script or HTML by levering permission to create business processes.
network
low complexity
redhat CWE-79
5.4
5.4
2016-10-01 CVE-2016-3042 Cross-site Scripting vulnerability in IBM Websphere Application Server
Cross-site scripting (XSS) vulnerability in the Web UI in IBM WebSphere Application Server (WAS) Liberty before 16.0.0.3 allows remote authenticated users to inject arbitrary web script or HTML via vectors involving OpenID Connect clients.
network
low complexity
ibm CWE-79
5.4
5.4
2016-09-30 CVE-2016-6647 Cross-site Scripting vulnerability in EMC Vipr SRM
Cross-site scripting (XSS) vulnerability in EMC ViPR SRM before 4.0.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
emc CWE-79
5.4
5.4
2016-09-29 CVE-2016-5061 Cross-site Scripting vulnerability in Aternity 9.0
Multiple cross-site scripting (XSS) vulnerabilities in the web server in Aternity before 9.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTPAgent, (2) MacAgent, (3) getExternalURL, or (4) retrieveTrustedUrl page.
network
low complexity
aternity CWE-79
6.1
6.1
2016-09-27 CVE-2016-4058 Cross-site Scripting vulnerability in Huawei Policy Center V100R003C00/V100R003C10
Cross-site scripting (XSS) vulnerability in Huawei Policy Center before V100R003C10SPC020 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to "special characters on pages."
network
low complexity
huawei CWE-79
5.4
5.4
2016-09-26 CVE-2016-6913 Cross-site Scripting vulnerability in Alienvault products
Cross-site scripting (XSS) vulnerability in AlienVault OSSIM before 5.3 and USM before 5.3 allows remote attackers to inject arbitrary web script or HTML via the back parameter to ossim/conf/reload.php.
network
low complexity
alienvault CWE-79
5.4
5.4
2016-09-26 CVE-2016-6840 Cross-site Scripting vulnerability in Huawei Oceanstor ISM V200R001C01/V200R001C02/V200R001C03
Cross-site scripting (XSS) vulnerability in the management interface in Huawei OceanStor ISM before V200R001C04SPC200 allows remote attackers to inject arbitrary web script or HTML via the loginName parameter to cgi-bin/doLogin_CgiEntry and possibly other unspecified vectors.
network
low complexity
huawei CWE-79
6.1
6.1
2016-09-26 CVE-2016-5395 Cross-site Scripting vulnerability in Apache Ranger
Cross-site scripting (XSS) vulnerability in the create user functionality in the policy admin tool in Apache Ranger before 0.6.1 allows remote authenticated administrators to inject arbitrary web script or HTML via vectors related to policies.
network
low complexity
apache CWE-79
4.8
4.8
2016-09-26 CVE-2016-5978 Cross-site Scripting vulnerability in IBM Tealeaf Customer Experience
Cross-site scripting (XSS) vulnerability in the Web UI in the web portal in IBM Tealeaf Customer Experience before 8.7.1.8847 FP10, 8.8 before 8.8.0.9049 FP9, 9.0.0 and 9.0.1 before 9.0.1.1117 FP5, 9.0.1A before 9.0.1.5108_9.0.1A FP5, 9.0.2 before 9.0.2.1223 FP3, and 9.0.2A before 9.0.2.5224_9.0.2A FP3 allows remote authenticated users to inject arbitrary web script or HTML via an embedded string, a different vulnerability than CVE-2016-5975.
network
low complexity
ibm CWE-79
5.4
5.4