Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2016-04-12	CVE-2015-5347	Cross-site Scripting vulnerability in Apache Wicket Cross-site scripting (XSS) vulnerability in the getWindowOpenJavaScript function in org.apache.wicket.extensions.ajax.markup.html.modal.ModalWindow in Apache Wicket 1.5.x before 1.5.15, 6.x before 6.22.0, and 7.x before 7.2.0 might allow remote attackers to inject arbitrary web script or HTML via a ModalWindow title. network low complexity apache CWE-79	6.1
2016-04-12	CVE-2016-4003	Cross-site Scripting vulnerability in Apache Struts Cross-site scripting (XSS) vulnerability in the URLDecoder function in JRE before 1.8, as used in Apache Struts 2.x before 2.3.28, when using a single byte page encoding, allows remote attackers to inject arbitrary web script or HTML via multi-byte characters in a url-encoded parameter. network low complexity apache CWE-79	6.1
2016-04-12	CVE-2016-2162	Cross-site Scripting vulnerability in Apache Struts Apache Struts 2.x before 2.3.25 does not sanitize text in the Locale object constructed by I18NInterceptor, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors involving language display. network low complexity apache CWE-79	6.1
2016-04-12	CVE-2015-3268	Cross-site Scripting vulnerability in Apache Ofbiz Cross-site scripting (XSS) vulnerability in the DisplayEntityField.getDescription method in ModelFormField.java in Apache OFBiz before 12.04.06 and 13.07.x before 13.07.03 allows remote attackers to inject arbitrary web script or HTML via the description attribute of a display-entity element. network low complexity apache CWE-79	6.1
2016-04-11	CVE-2015-8398	Cross-site Scripting vulnerability in Atlassian Confluence Cross-site scripting (XSS) vulnerability in Atlassian Confluence before 5.8.17 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to rest/prototype/1/session/check. network low complexity atlassian CWE-79	6.1
2016-04-11	CVE-2015-0265	Cross-site Scripting vulnerability in Apache Ranger 0.4.0 Cross-site scripting (XSS) vulnerability in the Policy Admin Tool in Apache Ranger before 0.5.0 allows remote attackers to inject arbitrary web script or HTML via the HTTP User-Agent header. network low complexity apache CWE-79	6.1
2016-04-11	CVE-2016-2163	Cross-site Scripting vulnerability in Apache Openmeetings Cross-site scripting (XSS) vulnerability in Apache OpenMeetings before 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the event description when creating an event. network low complexity apache CWE-79	6.1
2016-04-11	CVE-2016-0712	Cross-site Scripting vulnerability in Apache Jetspeed Cross-site scripting (XSS) vulnerability in Apache Jetspeed before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to portal. network low complexity apache CWE-79	6.1
2016-04-11	CVE-2016-0711	Cross-site Scripting vulnerability in Apache Jetspeed Multiple cross-site scripting (XSS) vulnerabilities in Apache Jetspeed before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the title parameter when adding a (1) link, (2) page, or (3) folder resource. network low complexity apache CWE-79	6.1
2016-04-08	CVE-2016-2512	Cross-site Scripting vulnerability in Djangoproject Django The utils.http.is_safe_url function in Django before 1.8.10 and 1.9.x before 1.9.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks or possibly conduct cross-site scripting (XSS) attacks via a URL containing basic authentication, as demonstrated by http://mysite.example.com\@attacker.com. network low complexity djangoproject CWE-79	7.4