Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-10-06 | CVE-2019-17214 | Cross-site Scripting vulnerability in Webarxsecurity Webarx 1.3.0 The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI. | 5.0 |
2019-10-06 | CVE-2019-17213 | Cross-site Scripting vulnerability in Webarxsecurity Webarx 1.3.0 The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header. | 4.3 |
2019-10-05 | CVE-2019-17205 | Cross-site Scripting vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. | 4.3 |
2019-10-05 | CVE-2019-17204 | Cross-site Scripting vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. | 3.5 |
2019-10-05 | CVE-2019-17203 | Cross-site Scripting vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. | 3.5 |
2019-10-04 | CVE-2019-11656 | Cross-site Scripting vulnerability in HP Arcsight Logger Stored XSS vulnerability in Micro Focus ArcSight Logger, affects versions prior to Logger 6.7.1 HotFix 6.7.1.8262.0. | 5.4 |
2019-10-04 | CVE-2019-17179 | Cross-site Scripting vulnerability in Open-Emr Openemr 4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1 | 4.3 |
2019-10-04 | CVE-2019-4564 | Cross-site Scripting vulnerability in IBM Security KEY Lifecycle Manager IBM Security Key Lifecycle Manager 2.6, 2.7, 3.0, and 3.0.1 is vulnerable to cross-site scripting. | 6.1 |
2019-10-04 | CVE-2019-17121 | Cross-site Scripting vulnerability in Vanderbilt Redcap REDCap before 9.3.4 has XSS on the Customize & Manage Locking/E-signatures page via Lock Record Custom Text values. | 3.5 |
2019-10-03 | CVE-2019-16931 | Cross-site Scripting vulnerability in Themeisle Visualizer A stored XSS vulnerability in the Visualizer plugin 3.3.0 for WordPress allows an unauthenticated attacker to execute arbitrary JavaScript when an admin or other privileged user edits the chart via the admin dashboard. | 4.3 |