Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-10 | CVE-2019-1329 | Cross-site Scripting vulnerability in Microsoft products An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. | 3.5 |
| 2019-10-10 | CVE-2019-1328 | Cross-site Scripting vulnerability in Microsoft products A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. | 3.5 |
| 2019-10-10 | CVE-2019-1070 | Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016 A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | 3.5 |
| 2019-10-10 | CVE-2019-17434 | Cross-site Scripting vulnerability in Lavalite LavaLite through 5.7 has XSS via a crafted account name that is mishandled on the Manage Clients screen. | 3.5 |
| 2019-10-10 | CVE-2019-17433 | Cross-site Scripting vulnerability in Laravel-Admin 1.7.3 z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen. | 3.5 |
| 2019-10-10 | CVE-2019-17430 | Cross-site Scripting vulnerability in Eyoucms EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter. | 4.3 |
| 2019-10-10 | CVE-2019-17071 | Cross-site Scripting vulnerability in Realbigplugins Client Dash 2.1.4 The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XSS. | 4.3 |
| 2019-10-10 | CVE-2019-17070 | Cross-site Scripting vulnerability in LQD Liquid Speech Balloon 1.0.5 The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin before 1.0.7 for WordPress allows XSS with Internet Explorer. | 4.3 |
| 2019-10-10 | CVE-2019-17427 | Cross-site Scripting vulnerability in Redmine In Redmine before 3.4.11 and 4.0.x before 4.0.4, persistent XSS exists due to textile formatting errors. | 4.3 |
| 2019-10-10 | CVE-2019-17417 | Cross-site Scripting vulnerability in Pbootcms 2.0.2 PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs. | 3.5 |