Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2019-02-21 CVE-2018-1947 Cross-site Scripting vulnerability in IBM Security Identity Governance and Intelligence
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1
2019-02-21 CVE-2019-8984 Cross-site Scripting vulnerability in Altn Mdaemon
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 2 of 2).
network
low complexity
altn CWE-79
6.1
6.1
2019-02-21 CVE-2019-8983 Cross-site Scripting vulnerability in Altn Mdaemon
MDaemon Webmail 14.x through 18.x before 18.5.2 has XSS (issue 1 of 2).
network
low complexity
altn CWE-79
6.1
6.1
2019-02-21 CVE-2019-5727 Cross-site Scripting vulnerability in Splunk
Splunk Web in Splunk Enterprise 6.5.x before 6.5.5, 6.4.x before 6.4.9, 6.3.x before 6.3.12, 6.2.x before 6.2.14, 6.1.x before 6.1.14, and 6.0.x before 6.0.15 and Splunk Light before 6.6.0 has Persistent XSS, aka SPL-138827.
network
low complexity
splunk CWE-79
5.4
5.4
2019-02-20 CVE-2019-8953 Cross-site Scripting vulnerability in Netgate Haproxy
The HAProxy package before 0.59_16 for pfSense has XSS via the desc (aka Description) or table_actionsaclN parameter, related to haproxy_listeners.php and haproxy_listeners_edit.php.
network
low complexity
netgate CWE-79
6.1
6.1
2019-02-20 CVE-2019-8331 Cross-site Scripting vulnerability in multiple products
In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute.
network
low complexity
getbootstrap f5 redhat tenable CWE-79
6.1
6.1
2019-02-20 CVE-2018-20241 Cross-site Scripting vulnerability in Atlassian Fisheye
The Edit upload resource for a review in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the wbuser parameter.
network
low complexity
atlassian CWE-79
5.4
5.4
2019-02-20 CVE-2018-20240 Cross-site Scripting vulnerability in Atlassian Fisheye
The administrative linker functionality in Atlassian Fisheye and Crucible before version 4.7.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the href parameter.
network
low complexity
atlassian CWE-79
4.8
4.8
2019-02-19 CVE-2019-5778 Cross-site Scripting vulnerability in multiple products
A missing case for handling special schemes in permission request checks in Extensions in Google Chrome prior to 72.0.3626.81 allowed an attacker who convinced a user to install a malicious extension to bypass extension permission checks for privileged pages via a crafted Chrome Extension.
network
low complexity
google debian redhat fedoraproject CWE-79
6.5
6.5
2019-02-19 CVE-2019-8939 Cross-site Scripting vulnerability in Tautulli 2.1.26
data/interfaces/default/history.html in Tautulli 2.1.26 has XSS via a crafted Plex username that is mishandled when constructing the History page.
network
low complexity
tautulli CWE-79
6.1
6.1