Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-26 | CVE-2019-1569 | Cross-site Scripting vulnerability in Paloaltonetworks Expedition The Expedition Migration tool 1.1.8 and earlier may allow an authenticated attacker to run arbitrary JavaScript or HTML in the User Mapping Settings for account name of admin user. | 4.8 |
| 2019-03-26 | CVE-2019-10107 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.10 CMS Made Simple 2.2.10 has XSS via the myaccount.php "Email Address" field, which is reachable via the "My Preferences -> My Account" section. | 5.4 |
| 2019-03-26 | CVE-2019-10106 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.10 CMS Made Simple 2.2.10 has XSS via the 'moduleinterface.php' Name field, which is reachable via an "Add Category" action to the "Site Admin Settings - News module" section. | 5.4 |
| 2019-03-26 | CVE-2019-10105 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.10 CMS Made Simple 2.2.10 has a Self-XSS vulnerability via the Layout Design Manager "Name" field, which is reachable via a "Create a new Template" action to the Design Manager. | 5.4 |
| 2019-03-26 | CVE-2019-9961 | Cross-site Scripting vulnerability in Wikindx Project Wikindx A cross-site scripting (XSS) vulnerability in ressource view in core/modules/resource/RESOURCEVIEW.php in Wikindx prior to version 5.7.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 6.1 |
| 2019-03-26 | CVE-2019-8987 | Cross-site Scripting vulnerability in Tibco Data Science for AWS and Spotfire Data Science The application server component of TIBCO Software Inc.'s TIBCO Data Science for AWS, and TIBCO Spotfire Data Science contains a persistent cross-site scripting vulnerability that theoretically allows an authenticated user to gain access to all the capabilities of the web interface available to more privileged users. | 5.4 |
| 2019-03-26 | CVE-2019-6341 | Cross-site Scripting vulnerability in multiple products In Drupal 7 versions prior to 7.65; Drupal 8.6 versions prior to 8.6.13;Drupal 8.5 versions prior to 8.5.14. | 5.4 |
| 2019-03-26 | CVE-2019-7646 | Cross-site Scripting vulnerability in Control-Webpanel Webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.763 is vulnerable to Stored/Persistent XSS for the "Package Name" field via the add_package module parameter. | 4.8 |
| 2019-03-25 | CVE-2018-15583 | Cross-site Scripting vulnerability in SIR Gnuboard Cross-Site Scripting (XSS) vulnerability in point_list.php in GNUBOARD5 before 5.3.1.6 allows remote attackers to inject arbitrary web script or HTML via the popup title parameter. | 6.1 |
| 2019-03-25 | CVE-2017-7340 | Cross-site Scripting vulnerability in Fortinet Fortiportal A Cross-Site Scripting vulnerability in Fortinet FortiPortal versions 4.0.0 and below allows an attacker to execute unauthorized code or commands via the applicationSearch parameter in the FortiView functionality. | 6.1 |