Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2019-10-31 CVE-2019-16295 Cross-site Scripting vulnerability in Control-Webpanel Webpanel 0.9.8.855
Stored XSS in filemanager2.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.885 exists via the cmd_arg parameter.
local
low complexity
control-webpanel CWE-79
4.6
2019-10-31 CVE-2013-1951 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.5 and 1.20.x before 1.20.4 allows remote attackers to inject arbitrary web script or HTML via Lua function names.
4.3
2019-10-31 CVE-2013-1934 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.0rc1 before 1.2.14 allows remote authenticated users to inject arbitrary web script or HTML via a complex value.
3.5
2019-10-31 CVE-2013-1932 Cross-site Scripting vulnerability in Mantisbt 1.2.13
A cross-site scripting (XSS) vulnerability in the configuration report page (adm_config_report.php) in MantisBT 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via a project name.
network
mantisbt CWE-79
3.5
2019-10-31 CVE-2013-1931 Cross-site Scripting vulnerability in multiple products
A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.
4.3
2019-10-31 CVE-2019-18656 Cross-site Scripting vulnerability in Pimcore 6.2.3
Pimcore 6.2.3 has XSS in the translations grid because bundles/AdminBundle/Resources/public/js/pimcore/settings/translations.js mishandles certain HTML elements.
network
pimcore CWE-79
4.3
2019-10-31 CVE-2019-17551 Cross-site Scripting vulnerability in Apakgroup Wholesale Floorplanning Finance 6.31.8.3/6.31.8.5
In Apak Wholesale Floorplanning Finance 6.31.8.3 and 6.31.8.5, an attacker can send an authenticated POST request with a malicious payload to /WFS/agreementView.faces allowing a stored XSS via the mainForm:loanNotesnotes:0:rich_text_editor_note_text parameter in the Notes section.
network
apakgroup CWE-79
4.3
2019-10-30 CVE-2010-1673 Cross-site Scripting vulnerability in Ikiwiki
A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.
network
ikiwiki CWE-79
4.3
2019-10-30 CVE-2019-12417 Cross-site Scripting vulnerability in Apache Airflow
A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary JavaScript on certain page views.
network
low complexity
apache CWE-79
4.8
2019-10-30 CVE-2019-18207 Cross-site Scripting vulnerability in Zucchetti Infobusiness 4.4.1
In Zucchetti InfoBusiness before and including 4.4.1, an authenticated user can inject client-side code due to improper validation of the Title field in the InfoBusiness Web Component.
network
zucchetti CWE-79
3.5