Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-27 | CVE-2019-10238 | Cross-site Scripting vulnerability in Sitemagic 4.4 Sitemagic CMS v4.4 has XSS in SMFiles/FrmUpload.class.php via the filename parameter. | 6.1 |
| 2019-03-27 | CVE-2018-19644 | Cross-site Scripting vulnerability in Microfocus Solutions Business Manager Reflected cross site script issue in Micro Focus Solutions Business Manager (SBM) (formerly Serena Business Manager (SBM)) versions prior to 11.5. | 6.1 |
| 2019-03-27 | CVE-2017-18364 | Cross-site Scripting vulnerability in Frank-Karau PHPfk phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter. | 6.1 |
| 2019-03-27 | CVE-2019-5926 | Cross-site Scripting vulnerability in Kinagacms Project Kinagacms Cross-site scripting vulnerability in KinagaCMS versions prior to 6.5 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2019-03-27 | CVE-2019-3847 | Cross-site Scripting vulnerability in Moodle A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. | 4.8 |
| 2019-03-27 | CVE-2018-10934 | Cross-site Scripting vulnerability in Redhat products A cross-site scripting (XSS) vulnerability was found in the JBoss Management Console versions before 7.1.6.CR1, 7.1.6.GA. | 5.4 |
| 2019-03-27 | CVE-2019-10118 | Cross-site Scripting vulnerability in Snipeitapp Snipe-It Snipe-IT before 4.6.14 has XSS, as demonstrated by log_meta values and the user's last name in the API. | 6.1 |
| 2019-03-27 | CVE-2016-10744 | Cross-site Scripting vulnerability in Select2 In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. | 6.1 |
| 2019-03-26 | CVE-2019-1571 | Cross-site Scripting vulnerability in Paloaltonetworks Expedition The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the RADIUS server settings. | 4.8 |
| 2019-03-26 | CVE-2019-1570 | Cross-site Scripting vulnerability in Paloaltonetworks Expedition The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the LDAP server settings. | 4.8 |