Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-05-11 CVE-2016-1113 Cross-site Scripting vulnerability in Adobe Coldfusion 10.0/11.0/2016
Cross-site scripting (XSS) vulnerability in Adobe ColdFusion 10 before Update 19, 11 before Update 8, and 2016 before Update 1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
adobe CWE-79
6.1
2016-05-10 CVE-2016-4561 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.
network
low complexity
ikiwiki debian CWE-79
6.1
2016-05-07 CVE-2016-2350 Cross-site Scripting vulnerability in Accellion File Transfer Appliance 80540/911200/911210
Multiple cross-site scripting (XSS) vulnerabilities on the Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allow remote attackers to inject arbitrary web script or HTML via unspecified input to (1) getimageajax.php, (2) move_partition_frame.html, or (3) wmInfo.html.
network
low complexity
accellion CWE-79
6.1
2016-05-07 CVE-2016-2011 Cross-site Scripting vulnerability in HP Network Node Manager I
Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2010.
network
low complexity
hp CWE-79
5.4
2016-05-07 CVE-2016-2010 Cross-site Scripting vulnerability in HP Network Node Manager I
Cross-site scripting (XSS) vulnerability in HPE Network Node Manager i (NNMi) 9.20, 9.23, 9.24, 9.25, 10.00, and 10.01 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-2011.
network
low complexity
hp CWE-79
5.4
2016-05-07 CVE-2016-0901 Cross-site Scripting vulnerability in EMC RSA Authentication Manager 7.1/8.0/8.1
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0900.
network
low complexity
emc CWE-79
6.1
2016-05-07 CVE-2016-0900 Cross-site Scripting vulnerability in EMC RSA Authentication Manager 7.1/8.0/8.1
Cross-site scripting (XSS) vulnerability in EMC RSA Authentication Manager before 8.1 SP1 P14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2016-0901.
network
low complexity
emc CWE-79
6.1
2016-05-03 CVE-2016-0892 Cross-site Scripting vulnerability in EMC RSA Data Loss Prevention
Cross-site scripting (XSS) vulnerability in EMC RSA Data Loss Prevention 9.6 before SP2 P5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
emc CWE-79
6.1
2016-04-28 CVE-2016-1205 Cross-site Scripting vulnerability in Shiro8 products
Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_ addition_plugin plugin 1.0 and (2) itemdetail_freearea_ addition_plugin plugin 1.0 for EC-CUBE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
shiro8 CWE-79
6.1
2016-04-22 CVE-2016-3126 Cross-site Scripting vulnerability in Blackberry Enterprise Server
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
blackberry CWE-79
6.1