Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-10 | CVE-2019-17493 | Cross-site Scripting vulnerability in Jnoj Jiangnan Online Judge 0.8.0 Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update. | 4.3 |
2019-10-10 | CVE-2019-17491 | Cross-site Scripting vulnerability in Jnoj Jiangnan Online Judge 0.8.0 Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update. | 4.3 |
2019-10-10 | CVE-2019-17489 | Cross-site Scripting vulnerability in Jnoj Jiangnan Online Judge 0.8.0 Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create. | 4.3 |
2019-10-10 | CVE-2019-17488 | Cross-site Scripting vulnerability in B3Log Symphony b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header. | 4.3 |
2019-10-10 | CVE-2015-9478 | Cross-site Scripting vulnerability in No-Margin-For-Error Prettyphoto prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS. | 4.3 |
2019-10-10 | CVE-2015-9472 | Cross-site Scripting vulnerability in Monitorbacklinks Incoming Links The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header. | 4.3 |
2019-10-10 | CVE-2015-9469 | Cross-site Scripting vulnerability in Cybercraftit Content-Grabber 1.0 The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id. | 3.5 |
2019-10-10 | CVE-2015-9468 | Cross-site Scripting vulnerability in K-78 Broken Link Manager 0.4.5 The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action. | 4.3 |
2019-10-10 | CVE-2015-9459 | Cross-site Scripting vulnerability in SEO Searchterms Tagging 2 Project SEO Searchterms Tagging 2 The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter. | 4.3 |
2019-10-10 | CVE-2019-1375 | Cross-site Scripting vulnerability in Microsoft Dynamics 365 A cross site scripting vulnerability exists when Microsoft Dynamics 365 (on-premises) does not properly sanitize a specially crafted web request to an affected Dynamics server, aka 'Microsoft Dynamics 365 (On-Premise) Cross Site Scripting Vulnerability'. | 3.5 |