Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-04-12 | CVE-2018-13137 | Cross-site Scripting vulnerability in Pixelite Events Manager 5.9.4 The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI. | 4.8 |
| 2019-04-12 | CVE-2019-1574 | Cross-site Scripting vulnerability in Paloaltonetworks Expedition Migration Tool Cross-site scripting (XSS) vulnerability in Palo Alto Networks Expedition Migration tool 1.1.12 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the Devices View. | 5.4 |
| 2019-04-11 | CVE-2019-6796 | Cross-site Scripting vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. | 6.1 |
| 2019-04-11 | CVE-2018-19202 | Cross-site Scripting vulnerability in Mybb A reflected XSS vulnerability in index.php in MyBB 1.8.x through 1.8.19 allows remote attackers to inject JavaScript via the 'upsetting[bburl]' parameter. | 6.1 |
| 2019-04-11 | CVE-2019-7219 | Cross-site Scripting vulnerability in Zarafa Webaccess 7.2.048204 Unauthenticated reflected cross-site scripting (XSS) exists in Zarafa Webapp 2.0.1.47791 and earlier. | 6.1 |
| 2019-04-10 | CVE-2018-14683 | Cross-site Scripting vulnerability in Paessler Prtg Network Monitor PRTG before 19.1.49.1966 has Cross Site Scripting (XSS) in the WEBGUI. | 6.1 |
| 2019-04-10 | CVE-2019-1003050 | Cross-site Scripting vulnerability in multiple products The f:validateButton form control for the Jenkins UI did not properly escape job URLs in Jenkins 2.171 and earlier and Jenkins LTS 2.164.1 and earlier, resulting in a cross-site scripting (XSS) vulnerability exploitable by users with the ability to control job names. | 5.4 |
| 2019-04-10 | CVE-2019-0216 | Cross-site Scripting vulnerability in Apache Airflow A malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views. | 4.8 |
| 2019-04-10 | CVE-2019-7551 | Cross-site Scripting vulnerability in Cantemo Portal Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. | 9.0 |
| 2019-04-09 | CVE-2019-9696 | Cross-site Scripting vulnerability in Symantec VIP Enterprise Gateway Symantec VIP Enterprise Gateway (all versions) may be susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. | 6.1 |