Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2019-09-10	CVE-2017-18608	Cross-site Scripting vulnerability in Spot Spot.Im Comments The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS issues. network spot CWE-79	4.3
2019-09-10	CVE-2017-18606	Cross-site Scripting vulnerability in Theme-Fusion Avada The avada theme before 5.1.5 for WordPress has stored XSS. network theme-fusion CWE-79	4.3
2019-09-10	CVE-2017-18603	Cross-site Scripting vulnerability in Postman-Smtp Project Postman-Smtp 20171004 The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter. network postman-smtp-project CWE-79	4.3
2019-09-10	CVE-2017-18601	Cross-site Scripting vulnerability in Ibps Online Exam Project Ibps Online Exam 1.0 The examapp plugin 1.0 for WordPress has XSS via exam input text fields. network ibps-online-exam-project CWE-79	3.5
2019-09-10	CVE-2017-18600	Cross-site Scripting vulnerability in Ncrafts Formcraft The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field. network ncrafts CWE-79	3.5
2019-09-10	CVE-2017-18599	Cross-site Scripting vulnerability in Pinfinity Project Pinfinity The Pinfinity theme before 2.0 for WordPress has XSS via the s parameter. network pinfinity-project CWE-79	4.3
2019-09-10	CVE-2017-18598	Cross-site Scripting vulnerability in Designmodo Qards The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php. network designmodo CWE-79	4.3
2019-09-09	CVE-2019-16182	Cross-site Scripting vulnerability in Limesurvey A reflected cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows remote attackers to inject arbitrary web script or HTML via extensions of uploaded files. network limesurvey CWE-79	4.3
2019-09-09	CVE-2019-16178	Cross-site Scripting vulnerability in Limesurvey A stored cross-site scripting (XSS) vulnerability was found in Limesurvey before 3.17.14 that allows authenticated users with correct permissions to inject arbitrary web script or HTML via titles of admin box buttons on the home page. network limesurvey CWE-79	3.5
2019-09-09	CVE-2019-16147	Cross-site Scripting vulnerability in Liferay Portal Liferay Portal through 7.2.0 GA1 allows XSS via a journal article title to journal_article/page.jsp in journal/journal-taglib. network liferay CWE-79	4.3