Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-11-12 | CVE-2019-17330 | Cross-site Scripting vulnerability in Tibco EBX The Web server component of TIBCO Software Inc.'s TIBCO EBX contains multiple vulnerabilities that theoretically allow authenticated users to perform stored cross-site scripting (XSS) attacks, and unauthenticated users to perform reflected cross-site scripting attacks. | 4.3 |
| 2019-11-12 | CVE-2019-18926 | Cross-site Scripting vulnerability in Systematicinc Iris Standards Management 2.1 Systematic IRIS Standards Management (ISM) v2.1 SP1 89 is vulnerable to unauthenticated reflected Cross Site Scripting (XSS). | 4.3 |
| 2019-11-12 | CVE-2019-17236 | Cross-site Scripting vulnerability in Getigniteup Igniteup includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS. | 4.3 |
| 2019-11-12 | CVE-2011-3370 | Cross-site Scripting vulnerability in Status Statusnet 0.9.6/1.0.0 statusnet before 0.9.9 has XSS | 4.3 |
| 2019-11-12 | CVE-2011-2935 | Cross-site Scripting vulnerability in Elgg Elgg through 1.7.10 has XSS | 4.3 |
| 2019-11-12 | CVE-2019-18882 | Cross-site Scripting vulnerability in Wso2 Identity Server 5.7.0 WSO2 IS as Key Manager 5.7.0 allows stored XSS in download-userinfo.jag because Content-Type is mishandled. | 4.3 |
| 2019-11-12 | CVE-2019-18881 | Cross-site Scripting vulnerability in Wso2 Identity Server 5.7.0 WSO2 IS as Key Manager 5.7.0 allows unauthenticated reflected XSS in the dashboard user profile. | 4.3 |
| 2019-11-12 | CVE-2019-18873 | Cross-site Scripting vulnerability in Fudforum 3.0.9 FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. | 8.5 |
| 2019-11-11 | CVE-2019-18857 | Cross-site Scripting vulnerability in Svg-Sanitizer Project Svg-Sanitizer darylldoyle svg-sanitizer before 0.12.0 mishandles script and data values in attributes, as demonstrated by unexpected whitespace such as in the javascript	:alert substring. | 5.0 |
| 2019-11-09 | CVE-2009-2802 | Cross-site Scripting vulnerability in Mantisbt 1.2.0/1.2.1 MantisBT 1.2.x before 1.2.2 insecurely handles attachments and MIME types. | 4.3 |