Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2019-09-11 CVE-2019-1305 Cross-site Scripting vulnerability in Microsoft Azure Devops Server and Team Foundation Server
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'.
network
microsoft CWE-79
3.5
3.5
2019-09-11 CVE-2019-1273 Cross-site Scripting vulnerability in Microsoft products
A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'.
network
microsoft CWE-79
3.5
3.5
2019-09-11 CVE-2019-1266 Cross-site Scripting vulnerability in Microsoft Exchange Server 2016/2019
A spoofing vulnerability exists in Microsoft Exchange Server when Outlook Web App (OWA) fails to properly handle web requests, aka 'Microsoft Exchange Spoofing Vulnerability'.
network
microsoft CWE-79
4.3
4.3
2019-09-11 CVE-2019-1262 Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation 2013
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
network
microsoft CWE-79
3.5
3.5
2019-09-11 CVE-2019-10073 Cross-site Scripting vulnerability in Apache Ofbiz
The "Blog", "Forum", "Contact Us" screens of the template "ecommerce" application bundled in Apache OFBiz are weak to Stored XSS attacks.
network
low complexity
apache CWE-79
6.1
6.1
2019-09-11 CVE-2019-3761 Cross-site Scripting vulnerability in Dell products
The RSA Identity Governance and Lifecycle software and RSA Via Lifecycle and Governance products prior to 7.1.0 P08 contain a stored cross-site scripting vulnerability in the Access Request module.
network
dell CWE-79
3.5
3.5
2019-09-11 CVE-2019-8450 Cross-site Scripting vulnerability in Atlassian Jira Server
Various templates of the Optimization plugin in Jira before version 7.13.6, and from version 8.0.0 before version 8.4.0 allow remote attackers who have permission to manage custom fields to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of a custom field.
network
atlassian CWE-79
3.5
3.5
2019-09-11 CVE-2019-16223 Cross-site Scripting vulnerability in multiple products
WordPress before 5.2.3 allows XSS in post previews by authenticated users.
network
low complexity
wordpress debian CWE-79
5.4
5.4
2019-09-11 CVE-2019-16222 Cross-site Scripting vulnerability in multiple products
WordPress before 5.2.3 has an issue with URL sanitization in wp_kses_bad_protocol_once in wp-includes/kses.php that can lead to cross-site scripting (XSS) attacks.
network
low complexity
wordpress debian CWE-79
6.1
6.1
2019-09-11 CVE-2019-16221 Cross-site Scripting vulnerability in multiple products
WordPress before 5.2.3 allows reflected XSS in the dashboard.
network
low complexity
wordpress debian CWE-79
6.1
6.1