Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2016-08-31 | CVE-2016-7119 | Cross-site Scripting vulnerability in Dotnetnuke Cross-site scripting (XSS) vulnerability in the user-profile biography section in DotNetNuke (DNN) before 8.0.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted onclick attribute in an IMG element. | 5.4 |
| 2016-08-29 | CVE-2016-5721 | Cross-site Scripting vulnerability in Zimbra Collaboration Server Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2016-08-26 | CVE-2015-5399 | Cross-site Scripting vulnerability in PHPvibe 4.20 Cross-site scripting (XSS) vulnerability in PHPVibe before 4.21 allows remote authenticated users to inject arbitrary web script or HTML via a comment. | 5.4 |
| 2016-08-26 | CVE-2016-5663 | Cross-site Scripting vulnerability in Accellion Kiteworks Appliance Kw2016.03.00 Multiple cross-site scripting (XSS) vulnerabilities in oauth_callback.php on Accellion Kiteworks appliances before kw2016.03.00 allow remote attackers to inject arbitrary web script or HTML via the (1) code, (2) error, or (3) error_description parameter. | 6.1 |
| 2016-08-23 | CVE-2016-6365 | Cross-site Scripting vulnerability in Cisco Firepower Management Center Cross-site scripting (XSS) vulnerability in Cisco Firepower Management Center 4.10.3, 5.2.0, 5.3.0, 5.3.0.2, 5.3.1, and 5.4.0 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug IDs CSCur25508 and CSCur25518. | 6.1 |
| 2016-08-22 | CVE-2016-6359 | Cross-site Scripting vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) Cross-site scripting (XSS) vulnerability in Cisco Transport Gateway Installation Software 4.1(4.0) on Smart Call Home Transport Gateway devices allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug IDs CSCva40650 and CSCva40817. | 6.1 |
| 2016-08-22 | CVE-2016-1485 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 1.3(0.876) Cross-site scripting (XSS) vulnerability in Cisco Identity Services Engine 1.3(0.876) allows remote attackers to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCva46497. | 6.1 |
| 2016-08-22 | CVE-2016-1476 | Cross-site Scripting vulnerability in Cisco IP Phone 8800 Series Firmware 11.0Base Cross-site scripting (XSS) vulnerability on Cisco IP Phone 8800 devices with software 11.0 allows remote authenticated users to inject arbitrary web script or HTML via crafted parameters, aka Bug ID CSCuz03024. | 5.4 |
| 2016-08-19 | CVE-2016-6320 | Cross-site Scripting vulnerability in Theforeman Foreman Cross-site scripting (XSS) vulnerability in app/assets/javascripts/host_edit_interfaces.js in Foreman before 1.12.2 allows remote authenticated users to inject arbitrary web script or HTML via the network interface device identifier in the host interface form. | 5.4 |
| 2016-08-19 | CVE-2016-6319 | Cross-site Scripting vulnerability in Theforeman Foreman Cross-site scripting (XSS) vulnerability in app/helpers/form_helper.rb in Foreman before 1.12.2, as used by Remote Execution and possibly other plugins, allows remote attackers to inject arbitrary web script or HTML via the label parameter. | 6.1 |