Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-02-29 CVE-2015-7491 Cross-site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
5.4
2016-02-29 CVE-2015-7457 Cross-site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.0.0.1/8.5.0.0
Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 8.0.x before 8.0.0.1 CF20 and 8.5.x before 8.5.0.0 CF09 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
6.1
6.1
2016-02-23 CVE-2016-1157 Cross-site Scripting vulnerability in Log-Chat Project Log-Chat 1.0
Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat before 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
log-chat-project CWE-79
6.1
6.1
2016-02-22 CVE-2016-0725 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string.
network
low complexity
fedoraproject moodle CWE-79
6.1
6.1
2016-02-22 CVE-2015-5337 Cross-site Scripting vulnerability in Moodle
Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted .swf file.
network
low complexity
moodle CWE-79
6.1
6.1
2016-02-22 CVE-2015-5336 Cross-site Scripting vulnerability in Moodle
Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.
network
low complexity
moodle CWE-79
5.4
5.4
2016-02-22 CVE-2015-5269 Cross-site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in group/overview.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to inject arbitrary web script or HTML via a modified grouping description.
network
low complexity
moodle CWE-79
5.4
5.4
2016-02-22 CVE-2015-3275 Cross-site Scripting vulnerability in Moodle
Multiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to (1) mod/scorm/player.php or (2) mod/scorm/prereqs.php.
network
low complexity
moodle CWE-79
6.1
6.1
2016-02-22 CVE-2015-3274 Cross-site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service.
network
low complexity
moodle CWE-79
6.1
6.1
2016-02-20 CVE-2016-2045 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the SQL editor in phpMyAdmin 4.5.x before 4.5.4 allows remote authenticated users to inject arbitrary web script or HTML via a SQL query that triggers JSON data in a response.
network
low complexity
phpmyadmin fedoraproject CWE-79
5.4
5.4