Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2019-09-09 CVE-2019-16173 Cross-site Scripting vulnerability in Limesurvey
LimeSurvey before v3.17.14 allows reflected XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin.
network
low complexity
limesurvey CWE-79
5.4
5.4
2019-09-09 CVE-2019-16172 Cross-site Scripting vulnerability in Limesurvey
LimeSurvey before v3.17.14 allows stored XSS for escalating privileges from a low-privileged account to, for example, SuperAdmin.
network
low complexity
limesurvey CWE-79
5.4
5.4
2019-09-09 CVE-2019-11548 Cross-site Scripting vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9.
network
gitlab CWE-79
3.5
3.5
2019-09-09 CVE-2019-11547 Cross-site Scripting vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.8.9, 11.9.x before 11.9.10, and 11.10.x before 11.10.2.
network
gitlab CWE-79
4.3
4.3
2019-09-09 CVE-2019-5471 Cross-site Scripting vulnerability in Gitlab
An input validation and output encoding issue was discovered in the GitLab email notification feature which could result in a persistent XSS.
network
low complexity
gitlab CWE-79
5.4
5.4
2019-09-09 CVE-2019-5467 Cross-site Scripting vulnerability in Gitlab
An input validation and output encoding issue was discovered in the GitLab CE/EE wiki pages feature which could result in a persistent XSS.
network
low complexity
gitlab CWE-79
5.4
5.4
2019-09-09 CVE-2019-10670 Cross-site Scripting vulnerability in Librenms
An issue was discovered in LibreNMS through 1.47.
network
librenms CWE-79
4.3
4.3
2019-09-09 CVE-2019-16148 Cross-site Scripting vulnerability in Sakailms Sakai
Sakai through 12.6 allows XSS via a chat user name.
network
sakailms CWE-79
4.3
4.3
2019-09-09 CVE-2019-16146 Cross-site Scripting vulnerability in Getgophish Gophish
Gophish through 0.8.0 allows XSS via a username.
network
getgophish CWE-79
3.5
3.5
2019-09-09 CVE-2018-21014 Cross-site Scripting vulnerability in Buddyboss Buddymoss Media
The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS.
network
buddyboss CWE-79
3.5
3.5