Vulnerabilities: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE | CVE | VULNERABILITY TITLE | RISK

2019-09-05 | CVE-2019-10677 | Cross-site Scripting vulnerability in Dasanzhone Znid Gpon 2426A EU Firmware S3.1.285 | 4.3
Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd (name), /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg).
network, dasanzhone, CWE-79

2019-09-05 | CVE-2019-12644 | Cross-site Scripting vulnerability in Cisco Identity Services Engine | 4.3
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network, cisco, CWE-79

2019-09-04 | CVE-2019-14470 | Cross-site Scripting vulnerability in multiple products | 4.3
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter.

2019-09-04 | CVE-2019-13975 | Cross-site Scripting vulnerability in Egain Chat 15.0.3 | 6.1
eGain Chat 15.0.3 allows HTML Injection.
network, low complexity, egain, CWE-79

2019-09-04 | CVE-2019-15814 | Cross-site Scripting vulnerability in Sentrifugo 3.2 | 3.5
Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML.
network, sentrifugo, CWE-79

2019-09-04 | CVE-2019-13209 | Cross-site Scripting vulnerability in Suse Rancher | 4.3
Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher.
network, suse, CWE-79

2019-09-03 | CVE-2019-15898 | Cross-site Scripting vulnerability in Nagios LOG Server | 4.3
Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page.
network, nagios, CWE-79

2019-09-03 | CVE-2019-6181 | Cross-site Scripting vulnerability in Lenovo Xclarity Administrator | 6.1
A reflected cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow a crafted URL, if visited, to cause JavaScript code to be executed in the user's web browser.
network, low complexity, lenovo, CWE-79

2019-09-03 | CVE-2019-6180 | Cross-site Scripting vulnerability in Lenovo Xclarity Administrator | 4.8
A stored cross-site scripting (XSS) vulnerability was reported in Lenovo XClarity Administrator (LXCA) versions prior to 2.5.0 that could allow an administrative user to cause JavaScript code to be stored in LXCA which may then be executed in the user's web browser.
network, low complexity, lenovo, CWE-79

2019-09-03 | CVE-2019-15889 | Cross-site Scripting vulnerability in Wpdownloadmanager Wordpress Download Manager | 4.3
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter.