Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-03-21 | CVE-2019-7424 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/index.jsp" file in the view GET parameter or any of these POST parameters: autorefTime, section, snapshot, viewOpt, viewAll, view, or groupSelName. | 6.1 |
| 2019-03-21 | CVE-2019-7423 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/editProfile.jsp" file in the userName parameter. | 6.1 |
| 2019-03-21 | CVE-2019-7422 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer 7.0.0.2 XSS exists in Zoho ManageEngine Netflow Analyzer Professional v7.0.0.2 in the Administration zone "/netflow/jspui/addMailSettings.jsp" file in the gF parameter. | 6.1 |
| 2019-03-21 | CVE-2019-7421 | Cross-site Scripting vulnerability in Samsung Syncthru web Service and X7400Gx Firmware XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.login/gnb/loginView.sws" in multiple parameters: contextpath and basedURL. | 6.1 |
| 2019-03-21 | CVE-2019-7420 | Cross-site Scripting vulnerability in Samsung Syncthru web Service and X7400Gx Firmware XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws.application/information/networkinformationView.sws" in the tabName parameter. | 6.1 |
| 2019-03-21 | CVE-2019-7419 | Cross-site Scripting vulnerability in Samsung Syncthru web Service and X7400Gx Firmware XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/leftmenu.sws" in multiple parameters: ruiFw_id, ruiFw_pid, ruiFw_title. | 6.1 |
| 2019-03-21 | CVE-2019-7418 | Cross-site Scripting vulnerability in Samsung Syncthru web Service and X7400Gx Firmware XSS exists in SAMSUNG X7400GX SyncThru Web Service V6.A6.25 V11.01.05.25_08-21-2015 in "/sws/swsAlert.sws" in multiple parameters: flag, frame, func, and Nfunc. | 6.1 |
| 2019-03-21 | CVE-2019-7417 | Cross-site Scripting vulnerability in Ericsson Active Library Explorer 14.3 XSS exists in Ericsson Active Library Explorer (ALEX) 14.3 in multiple parameters in the "/cgi-bin/alexserv" servlet, as demonstrated by the DB, FN, fn, or id parameter. | 6.1 |
| 2019-03-21 | CVE-2019-7299 | Cross-site Scripting vulnerability in Wpsupportplus WP Support Plus Responsive Ticket System 9.1.1 A stored cross-site scripting (XSS) vulnerability in the submit_ticket.php module in the WP Support Plus Responsive Ticket System plugin 9.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the subject parameter in wp-content/plugins/wp-support-plus-responsive-ticket-system/includes/ajax/submit_ticket.php. | 6.1 |
| 2019-03-21 | CVE-2019-7223 | Cross-site Scripting vulnerability in Invoiceplane InvoicePlane 1.5 has stored XSS via the index.php/invoices/ajax/save invoice_password parameter, aka the "PDF password" field to the "Create Invoice" option. | 5.4 |