Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-08 | CVE-2019-17108 | Cross-site Scripting vulnerability in Centreon web Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user. | 4.3 |
| 2019-10-08 | CVE-2019-16417 | Cross-site Scripting vulnerability in Hrworks 3.36.9 HRworks FLOW 3.36.9 allows XSS via the purpose of a travel-expense report. | 3.5 |
| 2019-10-08 | CVE-2019-16416 | Cross-site Scripting vulnerability in Hrworks 3.36.9 HRworks 3.36.9 allows XSS via the purpose of a travel-expense report. | 3.5 |
| 2019-10-07 | CVE-2019-17233 | Cross-site Scripting vulnerability in Etoilewebdesign Ultimate FAQ Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. | 4.3 |
| 2019-10-07 | CVE-2019-17239 | Cross-site Scripting vulnerability in Wpfactory Download Plugins and Themes From Dashboard includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues. | 4.3 |
| 2019-10-07 | CVE-2015-9453 | Cross-site Scripting vulnerability in K-78 Broken Link Manager The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist. | 4.3 |
| 2019-10-07 | CVE-2019-15750 | Cross-site Scripting vulnerability in Sitos SIX 6.2.1 A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | 4.3 |
| 2019-10-07 | CVE-2018-18379 | Cross-site Scripting vulnerability in Elementor Page Builder The elementor-edit-template class in wp-admin/customize.php in the Elementor Pro plugin before 2.0.10 for WordPress has XSS. | 4.3 |
| 2019-10-06 | CVE-2019-17226 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11 CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field. | 3.5 |
| 2019-10-06 | CVE-2019-17225 | Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1 Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue. | 3.5 |