Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-09-27 | CVE-2019-11741 | Cross-site Scripting vulnerability in Mozilla Firefox A compromised sandboxed content process can perform a Universal Cross-site Scripting (UXSS) attack on content from any site it can cause to be loaded in the same process. | 4.3 |
2019-09-27 | CVE-2019-16923 | Cross-site Scripting vulnerability in Kkcms Project Kkcms 1.3 kkcms 1.3 has jx.php?url= XSS. | 4.3 |
2019-09-26 | CVE-2019-12562 | Cross-site Scripting vulnerability in Dnnsoftware Dotnetnuke Stored Cross-Site Scripting in DotNetNuke (DNN) Version before 9.4.0 allows remote attackers to store and embed the malicious script into the admin notification page. | 4.3 |
2019-09-26 | CVE-2019-16914 | Cross-site Scripting vulnerability in Netgate Pfsense An XSS issue was discovered in pfSense through 2.4.4-p3. | 4.3 |
2019-09-26 | CVE-2019-16524 | Cross-site Scripting vulnerability in Status301 Easy Fancybox The easy-fancybox plugin before 1.8.18 for WordPress (aka Easy FancyBox) is susceptible to Stored XSS in the Settings Menu inc/class-easyfancybox.php due to improper encoding of arbitrarily submitted settings parameters. | 3.5 |
2019-09-26 | CVE-2019-10092 | Cross-site Scripting vulnerability in multiple products In Apache HTTP Server 2.4.0-2.4.39, a limited cross-site scripting issue was reported affecting the mod_proxy error page. | 6.1 |
2019-09-26 | CVE-2019-16904 | Cross-site Scripting vulnerability in Teampass 2.1.27.36 TeamPass 2.1.27.36 allows Stored XSS by setting a crafted password for an item in a common available folder or sharing the item with an admin. | 3.5 |
2019-09-26 | CVE-2019-14272 | Cross-site Scripting vulnerability in Silverstripe In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. | 3.5 |
2019-09-26 | CVE-2015-9444 | Cross-site Scripting vulnerability in Altosresearch Altos-Connect 1.3.0 The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF. | 4.3 |
2019-09-26 | CVE-2015-9439 | Cross-site Scripting vulnerability in Addthis The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter. | 3.5 |