Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-02-06 | CVE-2018-20755 | Cross-site Scripting vulnerability in Modx Revolution: MODX Revolution through v2.7.0-pl allows XSS via the User Photo field. | 6.1 |
2019-02-06 | CVE-2019-1003023 | Cross-site Scripting vulnerability in Jenkins Warnings Next Generation 1.0.0/1.0.1: A cross-site scripting vulnerability exists in Jenkins Warnings Next Generation Plugin 1.0.1 and earlier in src/main/java/io/jenkins/plugins/analysis/core/model/DetailsTableModel.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourceDetail.java, src/main/java/io/jenkins/plugins/analysis/core/model/SourcePrinter.java, src/main/java/io/jenkins/plugins/analysis/core/util/Sanitizer.java, src/main/java/io/jenkins/plugins/analysis/warnings/DuplicateCodeScanner.java that allows attackers with the ability to control warnings parser input to have Jenkins render arbitrary HTML. | 6.1 |
2019-02-06 | CVE-2019-1003014 | Cross-site Scripting vulnerability in multiple products: A cross-site scripting vulnerability exists in Jenkins Config File Provider Plugin 3.4.1 and earlier in src/main/resources/lib/configfiles/configfiles.jelly that allows attackers with permission to define shared configuration files to execute arbitrary JavaScript when a user attempts to delete the shared configuration file. | 4.8 |
2019-02-06 | CVE-2019-1003013 | Cross-site Scripting vulnerability in multiple products: A cross-site scripting vulnerability exists in Jenkins Blue Ocean Plugins 1.10.1 and earlier in blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/Export.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/ExportConfig.java, blueocean-commons/src/main/java/io/jenkins/blueocean/commons/stapler/export/JSONDataWriter.java, blueocean-rest-impl/src/main/java/io/jenkins/blueocean/service/embedded/UserStatePreloader.java, blueocean-web/src/main/resources/io/jenkins/blueocean/PageStatePreloadDecorator/header.jelly that allows attackers with permission to edit a user's description in Jenkins to have Blue Ocean render arbitrary HTML when using it as that user. | 5.4 |
2019-02-06 | CVE-2019-6504 | Cross-site Scripting vulnerability in Broadcom Automic Workload Automation 12.0/12.1/12.2: Insufficient output sanitization in the Automic Web Interface (AWI), in CA Automic Workload Automation 12.0 to 12.2, allows attackers to potentially conduct persistent cross site scripting (XSS) attacks via a crafted object. | 6.1 |
2019-02-05 | CVE-2019-7413 | Cross-site Scripting vulnerability in Parallax Scroll Project Parallax Scroll: In the Parallax Scroll (aka adamrob-parallax-scroll) plugin before 2.1 for WordPress, includes/adamrob-parralax-shortcode.php allows XSS via the title text. | 6.1 |
2019-02-05 | CVE-2019-6591 | Cross-site Scripting vulnerability in F5 Big-Ip Access Policy Manager: On BIG-IP APM 14.0.0 to 14.0.0.4, 13.0.0 to 13.1.1.3 and 12.1.0 to 12.1.3.7, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. | 5.4 |
2019-02-05 | CVE-2019-7402 | Cross-site Scripting vulnerability in PHPmywind 5.5: An issue was discovered in PHPMyWind 5.5. | 6.1 |
2019-02-05 | CVE-2019-7400 | Cross-site Scripting vulnerability in Rukovoditel: Rukovoditel before 2.4.1 allows XSS. | 6.1 |
2019-02-04 | CVE-2019-1000024 | Cross-site Scripting vulnerability in Opt-Net Ng-Netms 3.3/3.5/3.62: OPT/NET BV NG-NetMS version v3.6-2 and earlier versions contains a Cross Site Scripting (XSS) vulnerability in /js/libs/jstree/demo/filebrowser/index.php page. | 6.1 |