Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-09 | CVE-2018-21012 | Cross-site Scripting vulnerability in Vsourz CF7 Invisible Recaptcha The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. | 6.1 |
| 2019-09-09 | CVE-2019-16130 | Cross-site Scripting vulnerability in Hgw168Cc Yii-Cms 1.0 YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html. | 4.3 |
| 2019-09-09 | CVE-2019-16126 | Cross-site Scripting vulnerability in Getgrav Grav CMS Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images. | 4.3 |
| 2019-09-08 | CVE-2019-16118 | Cross-site Scripting vulnerability in 10Web Photo Gallery Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/controllers/Options.php. | 6.1 |
| 2019-09-08 | CVE-2019-16117 | Cross-site Scripting vulnerability in 10Web Photo Gallery Cross site scripting (XSS) in the photo-gallery (10Web Photo Gallery) plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php. | 6.1 |
| 2019-09-08 | CVE-2019-16104 | Cross-site Scripting vulnerability in Silver-Peak Unity Edgeconnect Sd-Wan Firmware 8.1.4.965644 Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO. | 4.3 |
| 2019-09-06 | CVE-2018-11198 | Cross-site Scripting vulnerability in Acquia Mautic 2.13.1 An issue was discovered in Mautic 2.13.1. | 4.3 |
| 2019-09-05 | CVE-2019-15848 | Cross-site Scripting vulnerability in Jetbrains Teamcity 2019.1/2019.1.1 JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user. | 4.3 |
| 2019-09-05 | CVE-2019-4186 | Cross-site Scripting vulnerability in IBM Jazz for Service Management 1.1.3 IBM Jazz for Service Management 1.1.3 is vulnerable to HTTP header injection, caused by incorrect trust in the HTTP Host header during caching. | 6.1 |
| 2019-09-05 | CVE-2019-4149 | Cross-site Scripting vulnerability in IBM products IBM Business Automation Workflow V18.0.0.0 through V18.0.0.2 and IBM Business Process Manager V8.6.0.0 through V8.6.0.0 Cumulative Fix 2018.03, V8.5.7.0 through V8.5.7.0 Cumulative Fix 2017.06, and V8.5.6.0 through V8.5.6.0 CF2 is vulnerable to cross-site scripting. | 5.4 |