Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-01-02 CVE-2015-7431 Cross-site Scripting vulnerability in IBM Sterling B2B Integrator 5.2
Cross-site scripting (XSS) vulnerability in Queue Watcher in IBM Sterling B2B Integrator 5.2 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
6.1
6.1
2016-01-02 CVE-2015-7451 Cross-site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management 7.5 before 7.5.0.9 IF2 and 7.6 before 7.6.0.3 FP3 and Maximo Asset Management 7.5 before 7.5.0.9 IF2, 7.5.1, and 7.6 before 7.6.0.3 FP3 for SmartCloud Control Desk allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
5.4
2016-01-02 CVE-2015-7402 Cross-site Scripting vulnerability in IBM Curam Social Program Management 6.1
Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.1 before 6.1.1.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
5.4
2016-01-01 CVE-2015-7409 Cross-site Scripting vulnerability in IBM Qradar Security Information and Event Manager
Cross-site scripting (XSS) vulnerability in IBM Security QRadar SIEM 7.2.x before 7.2.6 allows remote authenticated users to inject arbitrary web script or HTML via an unspecified field.
network
low complexity
ibm CWE-79
5.4
5.4
2016-01-01 CVE-2015-7415 Cross-site Scripting vulnerability in IBM Urbancode Deploy
Multiple cross-site scripting (XSS) vulnerabilities in IBM UrbanCode Deploy 6.0 before 6.0.1.12, 6.1 before 6.1.3.2, and 6.2 before 6.2.0.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted URL.
network
low complexity
ibm CWE-79
5.4
5.4
2015-12-31 CVE-2015-6017 Cross-site Scripting vulnerability in Zyxel P-660Hw-T1 V2 Firmware 3.40(Axh.0)
Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0) allow remote attackers to inject arbitrary web script or HTML via the (1) LoginPassword or (2) hiddenPassword parameter.
network
low complexity
zyxel CWE-79
6.1
6.1
2015-12-30 CVE-2015-7790 Cross-site Scripting vulnerability in Asus Wl-330Nul Firmware 3.0.0.41
Cross-site scripting (XSS) vulnerability on ASUS Japan WL-330NUL devices with firmware before 3.0.0.42 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
asus CWE-79
6.1
6.1
2015-12-30 CVE-2015-7782 Cross-site Scripting vulnerability in Let'S PHP! Frame High-Speed Chat
Cross-site scripting (XSS) vulnerability in Let's PHP! Frame high-speed chat before 2015-09-22 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
let-s-php CWE-79
6.1
6.1
2015-12-30 CVE-2015-7252 Cross-site Scripting vulnerability in ZTE Zxhn H108N R1A Firmware Zte.Bhs.Zxhnh108Nr1A.Hpe
Cross-site scripting (XSS) vulnerability in cgi-bin/webproc on ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.k_PE allows remote attackers to inject arbitrary web script or HTML via the errorpage parameter.
network
low complexity
zte CWE-79
6.1
6.1
2015-12-29 CVE-2015-7786 Cross-site Scripting vulnerability in Nttdata web Analytics Service
Cross-site scripting (XSS) vulnerability in the NTT DATA Smart Sourcing JavaScript module 2003-11-26 through 2013-07-09 for Web Analytics Service allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
nttdata CWE-79
6.1
6.1