Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2019-01-03 CVE-2018-18244 Cross-site Scripting vulnerability in Vivotek Camera
Cross-site scripting in syslog.html in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript code via an HTTP Referer Header.
network
low complexity
vivotek CWE-79
6.1
6.1
2019-01-03 CVE-2018-18005 Cross-site Scripting vulnerability in Vivotek Camera
Cross-site scripting in event_script.js in VIVOTEK Network Camera Series products with firmware 0x06x to 0x08x allows remote attackers to execute arbitrary JavaScript via a URL query string parameter.
network
low complexity
vivotek CWE-79
6.1
6.1
2019-01-03 CVE-2018-20663 Cross-site Scripting vulnerability in Haulmont Cuba Platform
The Reporting Addon (aka Reports Addon) through 2019-01-02 for CUBA Platform through 6.10.x has Persistent XSS via the "Reports > Reports" name field.
network
low complexity
haulmont CWE-79
5.4
5.4
2019-01-03 CVE-2018-19995 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 8.0.2
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to user/card.php.
network
low complexity
dolibarr CWE-79
5.4
5.4
2019-01-03 CVE-2018-19993 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 8.0.2
A reflected cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote attackers to inject arbitrary web script or HTML via the transphrase parameter to public/notice.php.
network
low complexity
dolibarr CWE-79
6.1
6.1
2019-01-03 CVE-2018-19992 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 8.0.2
A stored cross-site scripting (XSS) vulnerability in Dolibarr 8.0.2 allows remote authenticated users to inject arbitrary web script or HTML via the "address" (POST) or "town" (POST) parameter to adherents/type.php.
network
low complexity
dolibarr CWE-79
5.4
5.4
2019-01-03 CVE-2018-19414 Cross-site Scripting vulnerability in Plikli CMS 4.0.0
Multiple cross-site scripting (XSS) vulnerabilities in Plikli CMS 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword parameter to groups.php; (2) username parameter to login.php; or (3) date parameter to search.php.
network
low complexity
plikli CWE-79
6.1
6.1
2019-01-03 CVE-2018-14481 Cross-site Scripting vulnerability in Osclass 3.7.4
Osclass 3.7.4 has XSS via the query string to index.php, a different vulnerability than CVE-2014-6280.
network
low complexity
osclass CWE-79
6.1
6.1
2019-01-02 CVE-2018-20326 Cross-site Scripting vulnerability in Chinamobile Gpn2.4P21-C-Cn Firmware W2001En00
ChinaMobile PLC Wireless Router GPN2.4P21-C-CN devices with firmware W2001EN-00 have XSS via the cgi-bin/webproc?getpage=html/index.html var:subpage parameter.
network
low complexity
chinamobile CWE-79
6.1
6.1
2019-01-02 CVE-2019-3501 Cross-site Scripting vulnerability in Ougc Awards Project Ougc Awards 1.1/1.8.0/1.8.3
The OUGC Awards plugin before 1.8.19 for MyBB allows XSS via a crafted award reason that is mishandled on the awards page or in a user profile.
network
low complexity
ougc-awards-project CWE-79
4.8
4.8