Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-29 | CVE-2018-19201 | Cross-site Scripting vulnerability in Mybb A reflected XSS vulnerability in the ModCP Profile Editor in MyBB before 1.8.20 allows remote attackers to inject JavaScript via the 'username' parameter. | 6.1 |
| 2019-03-29 | CVE-2019-9919 | Cross-site Scripting vulnerability in Harmistechnology JE Messenger 1.2.2 An issue was discovered in the Harmis JE Messenger component 1.2.2 for Joomla!. | 5.4 |
| 2019-03-29 | CVE-2019-9605 | Cross-site Scripting vulnerability in Online Lottery PHP Readymade Script Project Online Lottery PHP Readymade Script 1.7.0 PHP Scripts Mall Online Lottery PHP Readymade Script 1.7.0 has Reflected Cross-site Scripting (XSS) via the err value in a .ico picture upload. | 5.4 |
| 2019-03-28 | CVE-2019-0224 | Cross-site Scripting vulnerability in Apache Jspwiki In Apache JSPWiki 2.9.0 to 2.11.0.M2, a carefully crafted URL could execute javascript on another user's session. | 6.1 |
| 2019-03-28 | CVE-2019-9167 | Cross-site Scripting vulnerability in Nagios XI Cross-site scripting (XSS) vulnerability in Nagios XI before 5.5.11 allows attackers to inject arbitrary web script or HTML via the xiwindow parameter. | 6.1 |
| 2019-03-28 | CVE-2019-1003042 | Cross-site Scripting vulnerability in Jenkins Lockable Resources A cross site scripting vulnerability in Jenkins Lockable Resources Plugin 2.4 and earlier allows attackers able to control resource names to inject arbitrary JavaScript in web pages rendered by the plugin. | 5.4 |
| 2019-03-28 | CVE-2019-9164 | Cross-site Scripting vulnerability in Nagios XI Command injection in Nagios XI before 5.5.11 allows an authenticated users to execute arbitrary remote commands via a new autodiscovery job. | 8.8 |
| 2019-03-28 | CVE-2019-10260 | Cross-site Scripting vulnerability in Totaljs Total.Js CMS 12.0.0 Total.js CMS 12.0.0 has XSS related to themes/admin/views/index.html (item.message) and themes/admin/public/ui.js (column.format). | 6.1 |
| 2019-03-28 | CVE-2019-10254 | Cross-site Scripting vulnerability in Misp In MISP before 2.4.105, the app/View/Layouts/default.ctp default layout template has a Reflected XSS vulnerability. | 6.1 |
| 2019-03-27 | CVE-2018-15585 | Cross-site Scripting vulnerability in SIR Gnuboard Cross-Site Scripting (XSS) vulnerability in newwinform.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. | 6.1 |