Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2019-03-02 CVE-2019-8278 Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board
Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution.
network
low complexity
invisioncommunity CWE-79
6.1
6.1
2019-02-28 CVE-2019-9226 Cross-site Scripting vulnerability in Baigo CMS 2.1.1
An issue was discovered in baigo CMS 2.1.1.
network
low complexity
baigo CWE-79
6.1
6.1
2019-02-27 CVE-2018-20244 Cross-site Scripting vulnerability in Apache Airflow
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
network
low complexity
apache CWE-79
5.5
5.5
2019-02-27 CVE-2019-8410 Cross-site Scripting vulnerability in Maccms 7.0/8.0
Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key).
network
low complexity
maccms CWE-79
6.1
6.1
2019-02-26 CVE-2019-6595 Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager
Cross-site scripting (XSS) vulnerability in F5 BIG-IP Access Policy Manager (APM) 11.5.x and 11.6.x Admin Web UI.
network
low complexity
f5 CWE-79
6.1
6.1
2019-02-26 CVE-2019-9168 Cross-site Scripting vulnerability in Woocommerce
WooCommerce before 3.5.5 allows XSS via a Photoswipe caption.
network
low complexity
woocommerce CWE-79
6.1
6.1
2019-02-25 CVE-2019-9145 Cross-site Scripting vulnerability in Hsycms 1.1
An issue was discovered in Hsycms V1.1.
network
low complexity
hsycms CWE-79
6.1
6.1
2019-02-25 CVE-2019-9142 Cross-site Scripting vulnerability in B3Log Symphony
An issue was discovered in b3log Symphony (aka Sym) before v3.4.7.
network
low complexity
b3log CWE-79
6.1
6.1
2019-02-25 CVE-2018-20791 Cross-site Scripting vulnerability in Tecrail Responsive Filemanager 9.13.4
tecrail Responsive FileManager 9.13.4 allows XSS via a media file upload with an XSS payload in the name, because of mishandling of the media_preview action.
network
low complexity
tecrail CWE-79
6.1
6.1
2019-02-25 CVE-2019-9110 Cross-site Scripting vulnerability in Wuzhicms Wuzhi CMS 4.1.0
XSS exists in WUZHI CMS 4.1.0 via index.php?m=content&f=postinfo&v=listing&set_iframe=[XSS] to coreframe/app/content/postinfo.php.
network
low complexity
wuzhicms CWE-79
6.1
6.1