Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2016-08-07 CVE-2016-6634 Cross-site Scripting vulnerability in Wordpress
Cross-site scripting (XSS) vulnerability in the network settings page in WordPress before 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
wordpress CWE-79
6.1
6.1
2016-08-07 CVE-2015-8935 Cross-site Scripting vulnerability in PHP
The sapi_header_op function in main/SAPI.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 supports deprecated line folding without considering browser compatibility, which allows remote attackers to conduct cross-site scripting (XSS) attacks against Internet Explorer by leveraging (1) %0A%20 or (2) %0D%0A%20 mishandling in the header function.
network
low complexity
php CWE-79
6.1
6.1
2016-08-05 CVE-2016-6186 Cross-site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in the dismissChangeRelatedObjectPopup function in contrib/admin/static/admin/js/admin/RelatedObjectLookups.js in Django before 1.8.14, 1.9.x before 1.9.8, and 1.10.x before 1.10rc1 allows remote attackers to inject arbitrary web script or HTML via vectors involving unsafe usage of Element.innerHTML.
network
low complexity
debian djangoproject CWE-79
6.1
6.1
2016-08-05 CVE-2016-0782 Cross-site Scripting vulnerability in Apache Activemq
The administration web console in Apache ActiveMQ 5.x before 5.11.4, 5.12.x before 5.12.3, and 5.13.x before 5.13.2 allows remote authenticated users to conduct cross-site scripting (XSS) attacks and consequently obtain sensitive information from a Java memory dump via vectors related to creating a queue.
network
low complexity
apache CWE-79
5.4
5.4
2016-08-05 CVE-2016-3196 Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware
Cross-site scripting (XSS) vulnerability in Fortinet FortiAnalyzer 5.x before 5.0.12 and 5.2.x before 5.2.6 and FortiManager 5.x before 5.0.12 and 5.2.x before 5.2.6 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an image uploaded in the report section.
network
low complexity
fortinet CWE-79
5.4
5.4
2016-08-05 CVE-2016-3097 Cross-site Scripting vulnerability in Redhat Satellite 5.7
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via a group name, related to viewing snapshot data.
network
low complexity
redhat CWE-79
6.1
6.1
2016-08-05 CVE-2016-3080 Cross-site Scripting vulnerability in Redhat Satellite 5.7
Cross-site scripting (XSS) vulnerability in spacewalk-java in Red Hat Satellite 5.7 allows remote attackers to inject arbitrary web script or HTML via the (1) RHNMD User or (2) Filesystem parameters, related to display of monitoring probes.
network
low complexity
redhat CWE-79
6.1
6.1
2016-08-05 CVE-2016-5262 Cross-site Scripting vulnerability in multiple products
Mozilla Firefox before 48.0 and Firefox ESR 45.x before 45.3 process JavaScript event-handler attributes of a MARQUEE element within a sandboxed IFRAME element that lacks the sandbox="allow-scripts" attribute value, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via a crafted web site.
network
low complexity
mozilla oracle CWE-79
6.1
6.1
2016-08-03 CVE-2016-4833 Cross-site Scripting vulnerability in Nofollow Links Project Nofollow Links
Cross-site scripting (XSS) vulnerability in the Nofollow Links plugin before 1.0.11 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
nofollow-links-project CWE-79
6.1
6.1
2016-08-01 CVE-2016-1609 Cross-site Scripting vulnerability in Novell Filr 1.2/2.0
Multiple cross-site scripting (XSS) vulnerabilities in Novell Filr before 1.2 Security Update 3 and 2.0 before Security Update 2 allow remote authenticated users to inject arbitrary web script or HTML via crafted input, as demonstrated by a crafted attribute of an IMG element in the phone field of a user profile.
network
low complexity
novell CWE-79
5.4
5.4