Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-12 | CVE-2019-17522 | Cross-site Scripting vulnerability in Hotarucms 1.7.2 A stored XSS vulnerability was discovered in Hotaru CMS v1.7.2 via the admin_index.php?page=settings SITE NAME field (aka SITE_NAME), a related issue to CVE-2011-4709.1. | 3.5 |
2019-10-11 | CVE-2019-17176 | Cross-site Scripting vulnerability in Genesys Eservices Chat 8.1.0/8.1.200.03 Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter). | 4.3 |
2019-10-11 | CVE-2019-17504 | Cross-site Scripting vulnerability in Kirona Dynamic Resource Scheduling 5.5.3.5 An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. | 4.3 |
2019-10-11 | CVE-2010-5340 | Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0. | 4.3 |
2019-10-11 | CVE-2010-5339 | Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0. | 4.3 |
2019-10-11 | CVE-2010-5338 | Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0. | 4.3 |
2019-10-11 | CVE-2010-5337 | Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0. | 4.3 |
2019-10-11 | CVE-2010-5336 | Cross-site Scripting vulnerability in Icewarp Webclient 10.0/10.1.3/10.2.0 IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0. | 4.3 |
2019-10-11 | CVE-2019-17496 | Cross-site Scripting vulnerability in Craftcms Craft CMS Craft CMS before 3.3.8 has stored XSS via a name field. | 4.3 |
2019-10-10 | CVE-2019-17494 | Cross-site Scripting vulnerability in Laravel-Bjyblog Project Laravel-Bjyblog 6.1.1 laravel-bjyblog 6.1.1 has XSS via a crafted URL. | 4.3 |