Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2019-01-15 CVE-2019-0024 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in the Email Collectors menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
low complexity
juniper CWE-79
5.4
5.4
2019-01-15 CVE-2019-0023 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in the Golden VM menu of Juniper ATP may allow authenticated user to inject arbitrary script and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
low complexity
juniper CWE-79
5.4
5.4
2019-01-15 CVE-2019-0018 Cross-site Scripting vulnerability in Juniper Advanced Threat Prevention
A persistent cross-site scripting (XSS) vulnerability in the file upload menu of Juniper ATP may allow an authenticated user to inject arbitrary scripts and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device.
network
low complexity
juniper CWE-79
5.4
5.4
2019-01-15 CVE-2018-15463 Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.4(0.357)
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based interface.
network
low complexity
cisco CWE-79
6.1
6.1
2019-01-15 CVE-2018-1772 Cross-site Scripting vulnerability in IBM Spss Analytic Server 3.1.1.1
IBM SPSS Analytic Server 3.1.1.1 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2019-01-15 CVE-2018-15440 Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.4(0.357)
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the web interface of an affected system.
network
low complexity
cisco CWE-79
6.1
6.1
2019-01-15 CVE-2017-18358 Cross-site Scripting vulnerability in Limesurvey
LimeSurvey before 2.72.4 has Stored XSS by using the Continue Later (aka Resume later) feature to enter an email address, which is mishandled in the admin panel.
network
low complexity
limesurvey CWE-79
6.1
6.1
2019-01-15 CVE-2019-6267 Cross-site Scripting vulnerability in Premiumwpsuite Easy Redirect Manager 28.0717
The Premium WP Suite Easy Redirect Manager plugin 28.07-17 for WordPress has XSS via a crafted GET request that is mishandled during log viewing at the templates/admin/redirect-log.php URI.
network
low complexity
premiumwpsuite CWE-79
6.1
6.1
2019-01-14 CVE-2019-6278 Cross-site Scripting vulnerability in Jpress 1.0.4
XSS exists in JPress v1.0.4 via Markdown input, or Markdown input with the code input option.
network
low complexity
jpress CWE-79
5.4
5.4
2019-01-14 CVE-2018-1967 Cross-site Scripting vulnerability in IBM Security Identity Manager
IBM Security Identity Manager 6.0.0 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
6.1
6.1