Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-09-11 CVE-2016-5165 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the Developer Tools (aka DevTools) subsystem in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux allows remote attackers to inject arbitrary web script or HTML via the settings parameter in a chrome-devtools-frontend.appspot.com URL's query string.
network
low complexity
google opensuse CWE-79
6.1
6.1
2016-09-11 CVE-2016-5164 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in WebKit/Source/platform/v8_inspector/V8Debugger.cpp in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML into the Developer Tools (aka DevTools) subsystem via a crafted web site, aka "Universal XSS (UXSS)."
network
low complexity
google opensuse CWE-79
6.1
6.1
2016-09-11 CVE-2016-5148 Cross-site Scripting vulnerability in Google Chrome
Cross-site scripting (XSS) vulnerability in Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, allows remote attackers to inject arbitrary web script or HTML via vectors related to widget updates, aka "Universal XSS (UXSS)."
network
low complexity
google CWE-79
6.1
6.1
2016-09-11 CVE-2016-5147 Cross-site Scripting vulnerability in Google Chrome
Blink, as used in Google Chrome before 53.0.2785.89 on Windows and OS X and before 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote attackers to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
network
low complexity
google CWE-79
6.1
6.1
2016-09-08 CVE-2016-4380 Cross-site Scripting vulnerability in HP Operations Manager 9.21
Cross-site scripting (XSS) vulnerability in the AdminUI in HPE Operations Manager 9.21.x before 9.21.130 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
hp CWE-79
5.4
5.4
2016-09-07 CVE-2016-6316 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Action View in Ruby on Rails 3.x before 3.2.22.3, 4.x before 4.2.7.1, and 5.x before 5.0.0.1 might allow remote attackers to inject arbitrary web script or HTML via text declared as "HTML safe" and used as attribute values in tag handlers.
network
low complexity
rubyonrails debian CWE-79
6.1
6.1
2016-09-07 CVE-2016-7033 Cross-site Scripting vulnerability in Redhat Jboss BPM Suite 6.3.2
Multiple cross-site scripting (XSS) vulnerabilities in the admin pages in dashbuilder in Red Hat JBoss BPM Suite 6.3.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
redhat CWE-79
6.1
6.1
2016-09-03 CVE-2015-5720 Cross-site Scripting vulnerability in Misp-Project Malware Information Sharing Platform
Multiple cross-site scripting (XSS) vulnerabilities in the template-creation feature in Malware Information Sharing Platform (MISP) before 2.3.90 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) add.ctp, (2) edit.ctp, and (3) ajaxification.js.
network
low complexity
misp-project CWE-79
6.1
6.1
2016-09-02 CVE-2016-4851 Cross-site Scripting vulnerability in Let'S PHP! Simple Chat
Cross-site scripting (XSS) vulnerability in Let's PHP! simple chat before 2016-08-15 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
let-s-php CWE-79
6.1
6.1
2016-09-02 CVE-2016-4848 Cross-site Scripting vulnerability in Clip-Bucket Clipbucket
Cross-site scripting (XSS) vulnerability in ClipBucket before 2.8.1 RC2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
clip-bucket CWE-79
6.1
6.1