Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-16 | CVE-2019-17625 | Cross-site Scripting vulnerability in Rambox 0.6.9 There is a stored XSS in Rambox 0.6.9 that can lead to code execution. | 8.5 |
2019-10-16 | CVE-2016-11016 | Cross-site Scripting vulnerability in Netgear Jnr1010 Firmware NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. | 4.3 |
2019-10-16 | CVE-2019-13392 | Cross-site Scripting vulnerability in Mindpalette Natemail 3.0.15 A reflected Cross-Site Scripting (XSS) vulnerability in MindPalette NateMail 3.0.15 allows an attacker to execute remote JavaScript in a victim's browser via a specially crafted POST request. | 4.3 |
2019-10-15 | CVE-2017-1002201 | Cross-site Scripting vulnerability in multiple products In haml versions prior to version 5.0.0.beta.2, when using user input to perform tasks on the server, characters like < > " ' must be escaped properly. | 4.3 |
2019-10-15 | CVE-2019-17223 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.2 There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. | 6.1 |
2019-10-14 | CVE-2019-16282 | Cross-site Scripting vulnerability in Nchsoftware Express Invoice 7.12 In NCH Express Invoice v7.12, persistent cross site scripting (XSS) exists via the Invoices/Items/Customers/Quotes input field. | 3.5 |
2019-10-14 | CVE-2019-14227 | Cross-site Scripting vulnerability in Open-Xchange Appsuite 7.10.1/7.10.2 OX App Suite 7.10.1 and 7.10.2 allows XSS. | 4.3 |
2019-10-14 | CVE-2019-17579 | Cross-site Scripting vulnerability in Sonarsource Sonarqube SonarSource SonarQube before 7.8 has XSS in project links on account/projects. | 4.3 |
2019-10-14 | CVE-2019-16344 | Cross-site Scripting vulnerability in Scadabr 1.0Ce A cross-site scripting (XSS) vulnerability in the login form (/ScadaBR/login.htm) in ScadaBR 1.0CE allows a remote attacker to inject arbitrary web script or HTML via the username or password parameter. | 4.3 |
2019-10-13 | CVE-2019-17535 | Cross-site Scripting vulnerability in Gilacms Gila CMS Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647. | 4.3 |