Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-06-04 CVE-2016-4812 Cross-site Scripting vulnerability in Markdown on Saved Improved Project Markdown on Saved Improved 2.5
Cross-site scripting (XSS) vulnerability in the Markdown on Save Improved plugin before 2.5.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6.1
2016-06-04 CVE-2016-1211 Cross-site Scripting vulnerability in Epoch web Mailing List 0.31
Cross-site scripting (XSS) vulnerability in Epoch Web Mailing List 0.31 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
epoch CWE-79
6.1
2016-06-01 CVE-2016-4945 Cross-site Scripting vulnerability in Citrix Netscaler Gateway 11.0 Firmware 65.35
Cross-site scripting (XSS) vulnerability in vpn/js/gateway_login_form_view.js in Citrix NetScaler Gateway 11.0 before Build 66.11 allows remote attackers to inject arbitrary web script or HTML via the NSC_TMAC cookie.
network
low complexity
citrix CWE-79
6.1
2016-05-26 CVE-2015-7360 Cross-site Scripting vulnerability in Fortinet Fortisandbox Firmware
Multiple cross-site scripting (XSS) vulnerabilities in the Web User Interface (WebUI) in Fortinet FortiSandbox before 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) serial parameter to alerts/summary/profile/; the (2) urlForCreatingReport parameter to csearch/report/export/; the (3) id parameter to analysis/detail/download/screenshot; or vectors related to (4) "Fortiview threats by users search filtered by vdom" or (5) "PCAP file download generated by the VM scan feature."
network
low complexity
fortinet CWE-79
6.1
2016-05-26 CVE-2016-4790 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
pulsesecure ivanti CWE-79
5.5
2016-05-26 CVE-2016-4789 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the system configuration section in the administrative user interface in Pulse Connect Secure (PCS) 8.2 before 8.2r1, 8.1 before 8.1r2, 8.0 before 8.0r9, and 7.4 before 7.4r13.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
pulsesecure ivanti CWE-79
6.1
2016-05-26 CVE-2016-2784 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple
CMS Made Simple 2.x before 2.1.3 and 1.x before 1.12.2, when Smarty Cache is activated, allow remote attackers to conduct cache poisoning attacks, modify links, and conduct cross-site scripting (XSS) attacks via a crafted HTTP Host header in a request.
network
high complexity
cmsmadesimple CWE-79
4.7
2016-05-25 CVE-2016-4575 Cross-site Scripting vulnerability in Huawei products
Cross-site scripting (XSS) vulnerability in the email APP in Huawei PLK smartphones with software AL10C00 before AL10C00B211 and AL10C92 before AL10C92B211; ATH smartphones with software AL00C00 before AL00C00B361, CL00C92 before CL00C92B361, TL00HC01 before TL00HC01B361, and UL00C00 before UL00C00B361; CherryPlus smartphones with software TL00C00 before TL00C00B553, UL00C00 before UL00C00B553, and TL00MC01 before TL00MC01B553; and RIO smartphones with software AL00C00 before AL00C00B360 allows remote attackers to inject arbitrary web script or HTML via an email message.
network
low complexity
huawei CWE-79
6.1
2016-05-23 CVE-2016-4783 Cross-site Scripting vulnerability in Lenovo Shareit 3.5.98Ww
Cross-site scripting (XSS) vulnerability in Lenovo SHAREit before 3.5.98_ww on Android before 4.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
network
low complexity
lenovo CWE-79
6.1
2016-05-22 CVE-2016-2153 Cross-site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as demonstrated by a search form field.
network
low complexity
moodle CWE-79
6.1