Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2016-05-22 | CVE-2016-4567 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in flash/FlashMediaElement.as in MediaElement.js before 2.21.0, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via an obfuscated form of the jsinitfunction parameter, as demonstrated by "jsinitfunctio%gn." | 6.1 |
2016-05-22 | CVE-2016-4566 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in plupload.flash.swf in Plupload before 2.1.9, as used in WordPress before 4.5.2, allows remote attackers to inject arbitrary web script or HTML via a Same-Origin Method Execution (SOME) attack. | 6.1 |
2016-05-22 | CVE-2016-1564 | Cross-site Scripting vulnerability in Wordpress Multiple cross-site scripting (XSS) vulnerabilities in wp-includes/class-wp-theme.php in WordPress before 4.4.1 allow remote attackers to inject arbitrary web script or HTML via a (1) stylesheet name or (2) template name to wp-admin/customize.php. | 6.1 |
2016-05-22 | CVE-2015-8834 | Cross-site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in wp-includes/wp-db.php in WordPress before 4.2.2 allows remote attackers to inject arbitrary web script or HTML via a long comment that is improperly stored because of limitations on the MySQL TEXT data type. | 6.1 |
2016-05-22 | CVE-2015-7989 | Cross-site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in the user list table in WordPress before 4.3.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted e-mail address, a different vulnerability than CVE-2015-5714. | 5.4 |
2016-05-22 | CVE-2015-5714 | Cross-site Scripting vulnerability in Wordpress Cross-site scripting (XSS) vulnerability in WordPress before 4.3.1 allows remote attackers to inject arbitrary web script or HTML by leveraging the mishandling of unclosed HTML elements during processing of shortcode tags. | 6.1 |
2016-05-21 | CVE-2016-1401 | Cross-site Scripting vulnerability in Cisco Unified Computing System Central Software 1.4(1A) Cross-site scripting (XSS) vulnerability in the management interface in Cisco Unified Computing System (UCS) Central Software 1.4(1a) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCuy91250. | 6.1 |
2016-05-15 | CVE-2016-0390 | Cross-site Scripting vulnerability in IBM Algo ONE 4.9.1/5.0.0/5.1.0 Cross-site scripting (XSS) vulnerability in IBM Algorithmics Algo One Algo Risk Application (ARA) 4.9.1 through 5.1.0 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL. | 5.4 |
2016-05-14 | CVE-2016-1207 | Cross-site Scripting vulnerability in Iodata products Cross-site scripting (XSS) vulnerability on I-O DATA DEVICE WN-G300R devices with firmware 1.12 and earlier, WN-G300R2 devices with firmware 1.12 and earlier, and WN-G300R3 devices with firmware 1.01 and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
2016-05-11 | CVE-2016-1236 | Cross-site Scripting vulnerability in multiple products Multiple cross-site scripting (XSS) vulnerabilities in (1) revision.php, (2) log.php, (3) listing.php, and (4) comp.php in WebSVN allow context-dependent attackers to inject arbitrary web script or HTML via the name of a (a) file or (b) directory in a repository. | 6.1 |