Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-13 | CVE-2024-41614 | Cross-site Scripting vulnerability in Symphony-Cms Symphony CMS symphonycms <=2.7.10 is vulnerable to Cross Site Scripting (XSS) in the Comment component for articles. | 4.8 |
| 2024-08-13 | CVE-2023-26211 | Cross-site Scripting vulnerability in Fortinet Fortisoar An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiSOAR 7.3.0 through 7.3.2 allows an authenticated, remote attacker to inject arbitrary web script or HTML via the Communications module. | 9.0 |
| 2024-08-13 | CVE-2024-38501 | Cross-site Scripting vulnerability in Pepperl-Fuchs products An unauthenticated remote attacker may use a HTML injection vulnerability with limited length to inject malicious HTML code and gain low-privileged access on the affected device. | 6.1 |
| 2024-08-13 | CVE-2024-38502 | Cross-site Scripting vulnerability in Pepperl-Fuchs products An unauthenticated remote attacker may use stored XSS vulnerability to obtain information from a user or reboot the affected device once. | 7.1 |
| 2024-08-13 | CVE-2024-5849 | Cross-site Scripting vulnerability in Pepperl-Fuchs products An unauthenticated remote attacker may use a reflected XSS vulnerability to obtain information from a user or reboot the affected device once. | 7.1 |
| 2024-08-13 | CVE-2024-41774 | Cross-site Scripting vulnerability in IBM Common Licensing 9.0 IBM Common Licensing 9.0 is vulnerable to stored cross-site scripting. | 4.8 |
| 2024-08-13 | CVE-2024-41735 | Cross-site Scripting vulnerability in SAP Commerce Backoffice Hycom2205 SAP Commerce Backoffice does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability causing low impact on confidentiality and integrity of the application. | 5.4 |
| 2024-08-12 | CVE-2024-43358 | Cross-site Scripting vulnerability in Zoneminder ZoneMinder is a free, open source closed-circuit television software application. | 6.1 |
| 2024-08-12 | CVE-2024-43359 | Cross-site Scripting vulnerability in Zoneminder ZoneMinder is a free, open source closed-circuit television software application. | 6.1 |
| 2024-08-12 | CVE-2024-40500 | Cross-site Scripting vulnerability in Scilico I-Librarian Cross Site Scripting vulnerability in Martin Kucej i-librarian v.5.11.0 and before allows a local attacker to execute arbitrary code via the search function in the import component. | 8.6 |