Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-04-22 CVE-2016-1918 Cross-site Scripting vulnerability in Blackberry Enterprise Server
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1917.
network
low complexity
blackberry CWE-79
6.1
2016-04-22 CVE-2016-1917 Cross-site Scripting vulnerability in Blackberry Enterprise Server
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2016-1918.
network
low complexity
blackberry CWE-79
6.1
2016-04-22 CVE-2016-1916 Cross-site Scripting vulnerability in Blackberry Enterprise Server
Cross-site scripting (XSS) vulnerability in the Management Console in BlackBerry Enterprise Server (BES) 12 before 12.4.1 allows remote authenticated users to inject arbitrary web script or HTML by leveraging basic administrative access to create a crafted policy, leading to improper rendering on a certain Export IT screen.
network
low complexity
blackberry CWE-79
5.4
2016-04-22 CVE-2016-1036 Cross-site Scripting vulnerability in Adobe Analytics Appmeasurement for Flash Library 4.0
Cross-site scripting (XSS) vulnerability in Adobe Analytics AppMeasurement for Flash Library before 4.0.1, when debugTracking is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
adobe CWE-79
6.1
2016-04-22 CVE-2016-1596 Cross-site Scripting vulnerability in Novell Service Desk 7.1
Multiple cross-site scripting (XSS) vulnerabilities in Micro Focus Novell Service Desk before 7.2 allow remote authenticated users to inject arbitrary web script or HTML via a certain (1) user name, (2) tf_aClientFirstName, (3) tf_aClientLastName, (4) ta_selectedTopicContent, (5) tf_orgUnitName, (6) tf_aManufacturerFullName, (7) tf_aManufacturerName, (8) tf_aManufacturerAddress, or (9) tf_aManufacturerCity parameter.
network
low complexity
novell CWE-79
5.4
2016-04-22 CVE-2016-2305 Cross-site Scripting vulnerability in Ecava Integraxor
Cross-site scripting (XSS) vulnerability in Ecava IntegraXor before 5.0 build 4522 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ecava CWE-79
6.1
2016-04-18 CVE-2016-3971 Cross-site Scripting vulnerability in Dotcms
Cross-site scripting (XSS) vulnerability in lucene_search.jsp in dotCMS before 3.5.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter to c/portal/layout.
network
low complexity
dotcms CWE-79
4.8
2016-04-18 CVE-2016-1652 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the ModuleSystem::RequireForJsInner function in extensions/renderer/module_system.cc in the Extensions subsystem in Google Chrome before 50.0.2661.75 allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
network
low complexity
debian suse opensuse google CWE-79
6.1
2016-04-15 CVE-2016-3144 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the Block Class module 7.x-2.x before 7.x-2.2 for Drupal allows remote authenticated users with the "Administer block classes" permission to inject arbitrary web script or HTML via a class name.
network
low complexity
fourkitchens fedoraproject CWE-79
5.4
2016-04-15 CVE-2015-7676 Cross-site Scripting vulnerability in Ipswitch Moveit DMZ 8.1
Ipswitch MOVEit File Transfer (formerly DMZ) 8.1 and earlier, when configured to support file view on download, allows remote authenticated users to conduct cross-site scripting (XSS) attacks by uploading HTML files.
network
low complexity
ipswitch CWE-79
5.4