Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-05-22 CVE-2016-4567 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn."
network
low complexity
mediaelementjs wordpress CWE-79
6.1
2016-05-22 CVE-2016-4566 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack.
network
low complexity
wordpress plupload CWE-79
6.1
2016-05-22 CVE-2016-1564 Cross-site Scripting vulnerability in Wordpress
Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php.
network
low complexity
wordpress CWE-79
6.1
2016-05-22 CVE-2015-8834 Cross-site Scripting vulnerability in Wordpress
Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type.
network
low complexity
wordpress CWE-79
6.1
2016-05-22 CVE-2015-7989 Cross-site Scripting vulnerability in Wordpress
Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714.
network
low complexity
wordpress CWE-79
5.4
2016-05-22 CVE-2015-5714 Cross-site Scripting vulnerability in Wordpress
Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags.
network
low complexity
wordpress CWE-79
6.1
2016-05-21 CVE-2016-1401 Cross-site Scripting vulnerability in Cisco Unified Computing System Central Software 1.4(1A)
Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250.
network
low complexity
cisco CWE-79
6.1
2016-05-15 CVE-2016-0390 Cross-site Scripting vulnerability in IBM Algo ONE 4.9.1/5.0.0/5.1.0
Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
2016-05-14 CVE-2016-1207 Cross-site Scripting vulnerability in Iodata products
Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
iodata CWE-79
5.4
2016-05-11 CVE-2016-1236 Cross-site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository.
network
low complexity
websvn debian CWE-79
6.1