Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-01-08 | CVE-2015-8759 | Cross-site Scripting vulnerability in Typo3 Cross-site scripting (XSS) vulnerability in the typoLink function in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote authenticated editors to inject arbitrary web script or HTML via a link field. | 5.4 |
| 2016-01-08 | CVE-2015-8758 | Cross-site Scripting vulnerability in Typo3 Multiple cross-site scripting (XSS) vulnerabilities in unspecified frontend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors. | 5.4 |
| 2016-01-08 | CVE-2015-8757 | Cross-site Scripting vulnerability in Typo3 Cross-site scripting (XSS) vulnerability in the Extension Manager in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to extension data during an extension installation. | 6.1 |
| 2016-01-08 | CVE-2015-8756 | Cross-site Scripting vulnerability in Typo3 Cross-site scripting (XSS) vulnerability in the search result view in the Indexed Search (indexed_search) component in TYPO3 6.2.x before 6.2.16 allows remote authenticated editors to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-01-08 | CVE-2015-8755 | Cross-site Scripting vulnerability in Typo3 Multiple cross-site scripting (XSS) vulnerabilities in unspecified backend components in TYPO3 6.2.x before 6.2.16 and 7.x before 7.6.1 allow remote authenticated editors to inject arbitrary web script or HTML via unknown vectors. | 5.4 |
| 2016-01-08 | CVE-2015-6434 | Cross-site Scripting vulnerability in Cisco Prime Infrastructure 2.2(2) Cisco Prime Infrastructure does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspecified other attacks via a crafted web site, related to a "cross-frame scripting (XFS)" issue, aka Bug ID CSCux64856. | 6.1 |
| 2016-01-05 | CVE-2015-5447 | Cross-site Scripting vulnerability in HP Storeonce Backup System Software 3.13.0 Cross-site scripting (XSS) vulnerability in HP StoreOnce Backup system software before 3.13.1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2016-01-03 | CVE-2015-8508 | Cross-site Scripting vulnerability in Mozilla Bugzilla Cross-site scripting (XSS) vulnerability in showdependencygraph.cgi in Bugzilla 2.x, 3.x, and 4.x before 4.2.16, 4.3.x and 4.4.x before 4.4.11, and 4.5.x and 5.0.x before 5.0.2, when a local dot configuration is used, allows remote attackers to inject arbitrary web script or HTML via a crafted bug summary. | 4.7 |
| 2016-01-03 | CVE-2015-5036 | Cross-site Scripting vulnerability in IBM Connections Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-5035. | 5.4 |
| 2016-01-03 | CVE-2015-5035 | Cross-site Scripting vulnerability in IBM Connections Cross-site scripting (XSS) vulnerability in IBM Connections 3.x before 3.0.1.1 CR3, 4.0 before CR4, 4.5 before CR5, and 5.0 before CR3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL, a different vulnerability than CVE-2015-5036. | 5.4 |