Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-09 | CVE-2019-17368 | Cross-site Scripting vulnerability in S-Cms 1.5 S-CMS v1.5 has XSS in tpl.php via the member/member_login.php from parameter. | 4.3 |
| 2019-10-08 | CVE-2019-0378 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before version 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the file name of the background image resulting in Stored Cross-Site Scripting. | 3.5 |
| 2019-10-08 | CVE-2019-0377 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2, does not sufficiently encode user-controlled inputs and allows an attacker to store malicious scripts in the input controls, resulting in Stored Cross-Site Scripting. | 3.5 |
| 2019-10-08 | CVE-2019-0376 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1/4.2 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows an attacker to save malicious scripts in the publication name, which can be executed later by the victim, resulting in Stored Cross-Site Scripting. | 3.5 |
| 2019-10-08 | CVE-2019-0375 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1/4.2 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the export dialog box of the report name resulting in reflected Cross-Site Scripting. | 3.5 |
| 2019-10-08 | CVE-2019-0374 | Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform 4.0/4.1/4.2 SAP BusinessObjects Business Intelligence Platform (Web Intelligence HTML interface), before versions 4.2 and 4.3, does not sufficiently encode user-controlled inputs and allows execution of scripts in the chart title resulting in reflected Cross-Site Scripting | 3.5 |
| 2019-10-08 | CVE-2019-0369 | Cross-site Scripting vulnerability in SAP Financial Consolidation 10.0/10.1 SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site scripting vulnerability. | 3.5 |
| 2019-10-08 | CVE-2019-0368 | Cross-site Scripting vulnerability in SAP products SAP Customer Relationship Management (Email Management), versions: S4CRM before 1.0 and 2.0, BBPCRM before 7.0, 7.01, 7.02, 7.12, 7.13 and 7.14, does not sufficiently encode user-controlled inputs within the mail client resulting in Cross-Site Scripting vulnerability. | 3.5 |
| 2019-10-08 | CVE-2019-10756 | Cross-site Scripting vulnerability in Nodered Node-Red-Dashboard It is possible to inject JavaScript within node-red-dashboard versions prior to version 2.17.0 due to the ui_notification node accepting raw HTML by default. | 3.5 |
| 2019-10-08 | CVE-2019-10215 | Cross-site Scripting vulnerability in Bootstrap-3-Typeahead Project Bootstrap-3-Typeahead Bootstrap-3-Typeahead after version 4.0.2 is vulnerable to a cross-site scripting flaw in the highlighter() function. | 6.1 |