Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2019-05-30 CVE-2019-12460 Cross-site Scripting vulnerability in Webport web Port 1.19.1
Web Port 1.19.1 allows XSS via the /access/setup type parameter.
network
webport CWE-79
4.3
4.3
2019-05-29 CVE-2018-18631 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
mailboxd component in Synacor Zimbra Collaboration Suite 8.6, 8.7 before 8.7.11 Patch 7, and 8.8 before 8.8.10 Patch 2 has Persistent XSS.
network
synacor CWE-79
4.3
4.3
2019-05-29 CVE-2018-14013 Cross-site Scripting vulnerability in Synacor Zimbra Collaboration Suite
Synacor Zimbra Collaboration Suite Collaboration before 8.8.11 has XSS in the AJAX and html web clients.
network
synacor CWE-79
4.3
4.3
2019-05-29 CVE-2019-12347 Cross-site Scripting vulnerability in Netgate Pfsense 2.4.4
In pfSense 2.4.4-p3, a stored XSS vulnerability occurs when attackers inject a payload into the Name or Description field via an acme_accountkeys_edit.php action.
network
netgate CWE-79
4.3
4.3
2019-05-29 CVE-2019-7129 Cross-site Scripting vulnerability in Adobe Experience Manager Forms 6.2/6.3/6.4
Adobe Experience Manager Forms versions 6.2, 6.3 and 6.4 have a stored cross-site scripting vulnerability.
network
adobe CWE-79
4.3
4.3
2019-05-29 CVE-2019-4184 Cross-site Scripting vulnerability in IBM Jazz Reporting Service
IBM Jazz Reporting Service 6.0 through 6.0.6.1 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2019-05-29 CVE-2019-4139 Cross-site Scripting vulnerability in IBM Cognos Analytics 11.0.0/11.1.0/11.1.1
IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2019-05-29 CVE-2019-4137 Cross-site Scripting vulnerability in IBM Spectrum Control
IBM Tivoli Storage Productivity Center 5.2.13 through 5.3.0.1 is vulnerable to cross-site scripting.
network
ibm CWE-79
4.3
4.3
2019-05-28 CVE-2019-0221 Cross-site Scripting vulnerability in Apache Tomcat
The SSI printenv command in Apache Tomcat 9.0.0.M1 to 9.0.0.17, 8.5.0 to 8.5.39 and 7.0.0 to 7.0.93 echoes user provided data without escaping and is, therefore, vulnerable to XSS.
network
low complexity
apache CWE-79
6.1
6.1
2019-05-28 CVE-2018-13375 Cross-site Scripting vulnerability in Fortinet Fortianalyzer and Fortimanager
An Improper Neutralization of Script-Related HTML Tags in Fortinet FortiAnalyzer 5.6.0 and below and FortiManager 5.6.0 and below allows an attacker to send DHCP request containing malicious scripts in the HOSTNAME parameter.
network
fortinet CWE-79
4.3
4.3