Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2019-01-17 CVE-2018-20731 Cross-site Scripting vulnerability in Nedi
A stored cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via User-Chat.php.
network
low complexity
nedi CWE-79
6.1
6.1
2019-01-17 CVE-2018-20729 Cross-site Scripting vulnerability in Nedi
A reflected cross site scripting (XSS) vulnerability in NeDi before 1.7Cp3 allows remote attackers to inject arbitrary web script or HTML via the reg parameter in mh.php.
network
low complexity
nedi CWE-79
6.1
6.1
2019-01-17 CVE-2015-9281 Cross-site Scripting vulnerability in SAS web Infrastructure Platform 9.4
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page.
network
low complexity
sas CWE-79
6.1
6.1
2019-01-16 CVE-2018-18813 Cross-site Scripting vulnerability in Tibco products
The Spotfire web server component of TIBCO Software Inc.'s TIBCO Spotfire Analytics Platform for AWS Marketplace, and TIBCO Spotfire Server contains multiple vulnerabilities that may allow persistent and reflected cross-site scripting attacks.
network
low complexity
tibco CWE-79
6.1
6.1
2019-01-16 CVE-2019-2413 Cross-site Scripting vulnerability in Oracle Reports Developer 12.2.1.3
Vulnerability in the Oracle Reports Developer component of Oracle Fusion Middleware (subcomponent: Valid Session).
network
low complexity
oracle CWE-79
6.1
6.1
2019-01-16 CVE-2018-20726 Cross-site Scripting vulnerability in Cacti
A cross-site scripting (XSS) vulnerability exists in host.php (via tree.php) in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname field for Devices.
network
low complexity
cacti CWE-79
5.4
5.4
2019-01-16 CVE-2018-20725 Cross-site Scripting vulnerability in Cacti
A cross-site scripting (XSS) vulnerability exists in graph_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Graph Vertical Label.
network
low complexity
cacti CWE-79
4.8
4.8
2019-01-16 CVE-2018-20724 Cross-site Scripting vulnerability in Cacti
A cross-site scripting (XSS) vulnerability exists in pollers.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Website Hostname for Data Collectors.
network
low complexity
cacti CWE-79
4.8
4.8
2019-01-16 CVE-2018-20723 Cross-site Scripting vulnerability in Cacti
A cross-site scripting (XSS) vulnerability exists in color_templates.php in Cacti before 1.2.0 due to lack of escaping of unintended characters in the Name field for a Color.
network
low complexity
cacti CWE-79
4.8
4.8
2019-01-16 CVE-2015-9279 Cross-site Scripting vulnerability in Mailenable
MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message.
network
low complexity
mailenable CWE-79
6.1
6.1