Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-08 | CVE-2019-0244 | Cross-site Scripting vulnerability in SAP products: SAP CRM WebClient UI (fixed in SAPSCORE 1.12; S4FND 1.02; WEBCUIF 7.31, 7.46, 7.47, 7.48, 8.0, 8.01) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
2019-01-08 | CVE-2019-0238 | Cross-site Scripting vulnerability in SAP Hybris: SAP Commerce (previously known as SAP Hybris Commerce), before version 6.7, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2019-01-08 | CVE-2018-1918 | Cross-site Scripting vulnerability in IBM Jazz Reporting Service: IBM Jazz Reporting Service (JRS) 6.0.3, 6.0.4, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. | 5.4 |
2019-01-04 | CVE-2019-5311 | Cross-site Scripting vulnerability in Yunucms 1.1.8: An issue was discovered in YUNUCMS V1.1.8. | 6.1 |
2019-01-04 | CVE-2018-1951 | Cross-site Scripting vulnerability in IBM Rational Publishing Engine 2.1.2/6.0.5/6.0.6: IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. | 5.4 |
2019-01-04 | CVE-2018-1657 | Cross-site Scripting vulnerability in IBM Rational Publishing Engine 2.1.2/6.0.5/6.0.6: IBM Publishing Engine 2.1.2, 6.0.5, and 6.0.6 is vulnerable to cross-site scripting. | 5.4 |
2019-01-04 | CVE-2019-5310 | Cross-site Scripting vulnerability in Yunucms 1.1.8: YUNUCMS 1.1.8 has XSS in app/admin/controller/System.php because crafted data can be written to the sys.php file, as demonstrated by site_title in an admin/system/basic POST request. | 6.1 |
2019-01-03 | CVE-2018-8827 | Cross-site Scripting vulnerability in Technicolor Tg789Vac Firmware 16.3.7190276100520161004084353: The admin web interface on Technicolor MediaAccess TG789vac v2 HP devices with firmware v16.3.7190-2761005-20161004084353 displays unsanitised user input, which allows an unauthenticated malicious user to embed JavaScript into the Log viewer interface via a crafted HTTP Referer header, aka XSS. | 6.1 |
2019-01-03 | CVE-2018-18997 | Cross-site Scripting vulnerability in ABB Gate-E1 Firmware and Gate-E2 Firmware: Pluto Safety PLC Gateway Ethernet devices in ABB GATE-E1 and GATE-E2 all versions allow an unauthenticated attacker using the administrative web interface to insert an HTML/JavaScript payload into any of the device properties, which may allow an attacker to display/execute the payload in a visitor's browser. | 6.1 |
2019-01-03 | CVE-2018-19600 | Cross-site Scripting vulnerability in Rhymix 1.9.8.1: Rhymix CMS 1.9.8.1 allows XSS via an index.php?module=admin&act=dispModuleAdminFileBox SVG upload. | 4.8 |