Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2019-10-24 CVE-2019-12094 Cross-site Scripting vulnerability in Horde Groupware
Horde Groupware Webmail Edition through 5.2.22 allows XSS via an admin/user.php?form=update_f&user_name= or admin/user.php?form=remove_f&user_name= or admin/config/diff.php?app= URI.
network
horde CWE-79
4.3
2019-10-24 CVE-2019-17581 Cross-site Scripting vulnerability in Dormsystem Project Dormsystem 1.1/1.2/1.3
tonyy dormsystem through 1.3 allows DOM XSS.
4.3
2019-10-24 CVE-2019-4486 Cross-site Scripting vulnerability in IBM products
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
2019-10-24 CVE-2019-4459 Cross-site Scripting vulnerability in IBM Cloud Orchestrator
IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise 2.5 through 2.5.0.9 and 2.4 through 2.4.0.5 are vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
2019-10-23 CVE-2019-18357 Cross-site Scripting vulnerability in Thycotic Secret Server
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 2 of 2).
network
thycotic CWE-79
4.3
2019-10-23 CVE-2019-18356 Cross-site Scripting vulnerability in Thycotic Secret Server
An XSS issue was discovered in Thycotic Secret Server before 10.7 (issue 1 of 2).
network
thycotic CWE-79
4.3
2019-10-23 CVE-2019-18350 Cross-site Scripting vulnerability in Ant.Design ANT Design PRO 4.0.0
In Ant Design Pro 4.0.0, reflected XSS in the user/login redirect GET parameter affects the authorization component, leading to execution of JavaScript code in the login after-action script.
network
ant-design CWE-79
4.3
2019-10-23 CVE-2019-17606 Cross-site Scripting vulnerability in Hexo-Admin Project Hexo-Admin
The Post editor functionality in the hexo-admin plugin versions 2.3.0 and earlier for Node.js is vulnerable to stored XSS via the content of a post.
network
low complexity
hexo-admin-project CWE-79
6.1
2019-10-23 CVE-2019-16977 Cross-site Scripting vulnerability in Fusionpbx
In FusionPBX up to 4.5.7, the file app\extensions\extension_imports.php uses an unsanitized "query_string" variable coming from the URL, which is reflected in HTML, leading to XSS.
network
fusionpbx CWE-79
4.3
2019-10-23 CVE-2015-9524 Cross-site Scripting vulnerability in multiple products
The Easy Digital Downloads (EDD) Recount Earnings extension for WordPress, as used with EDD 1.8.x before 1.8.7, 1.9.x before 1.9.10, 2.0.x before 2.0.5, 2.1.x before 2.1.11, 2.2.x before 2.2.9, and 2.3.x before 2.3.7, has XSS because add_query_arg is misused.
4.3