Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2012-03-13 CVE-2011-1396 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the reportType parameter to an unspecified component.
network
ibm CWE-79
4.3
2012-03-13 CVE-2011-1395 Cross-Site Scripting vulnerability in IBM products
Cross-site scripting (XSS) vulnerability in imicon.jsp in IBM Maximo Asset Management and Asset Management Essentials 6.2, 7.1, and 7.5 allows remote attackers to inject arbitrary web script or HTML via the controlid parameter.
network
ibm CWE-79
4.3
2012-03-09 CVE-2012-0325 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0324.
4.3
2012-03-09 CVE-2012-0324 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in Jenkins before 1.454, Jenkins LTS before 1.424.5, and Jenkins Enterprise 1.400.x before 1.400.0.13 and 1.424.x before 1.424.5.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0325.
4.3
2012-03-09 CVE-2012-0323 Cross-Site Scripting vulnerability in Paul Lesniewsk Autocomplete
Cross-site scripting (XSS) vulnerability in the Autocomplete plugin before 3.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
4.3
2012-03-09 CVE-2011-3046 Cross-Site Scripting vulnerability in Google Chrome
The extension subsystem in Google Chrome before 17.0.963.78 does not properly handle history navigation, which allows remote attackers to execute arbitrary code by leveraging a "Universal XSS (UXSS)" issue.
network
low complexity
google opensuse apple CWE-79
critical
10.0
2012-03-08 CVE-2012-0590 Cross-Site Scripting vulnerability in Apple Iphone OS
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows user-assisted remote attackers to inject arbitrary web script or HTML via vectors involving a drag-and-drop operation.
network
apple CWE-79
4.3
2012-03-08 CVE-2012-0589 Cross-Site Scripting vulnerability in Apple Iphone OS
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0588.
network
apple CWE-79
4.3
2012-03-08 CVE-2012-0588 Cross-Site Scripting vulnerability in Apple Iphone OS
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0587, and CVE-2012-0589.
network
apple CWE-79
4.3
2012-03-08 CVE-2012-0587 Cross-Site Scripting vulnerability in Apple Iphone OS
Cross-site scripting (XSS) vulnerability in WebKit, as used in Apple iOS before 5.1, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2012-0586, CVE-2012-0588, and CVE-2012-0589.
network
apple CWE-79
4.3