Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-30 | CVE-2018-20611 | Cross-site Scripting vulnerability in Txjia Imcat 4.4 imcat 4.4 allow XSS via a crafted cookie to the root/tools/adbug/binfo.php?cookie URI. | 6.1 |
| 2018-12-30 | CVE-2018-20601 | Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7 UCMS 1.4.7 has XSS via the description parameter in an index.php list_editpost action. | 4.8 |
| 2018-12-30 | CVE-2018-20600 | Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7 sadmin\cedit.php in UCMS 1.4.7 has XSS via an index.php sadmin_cedit action. | 6.1 |
| 2018-12-30 | CVE-2018-20597 | Cross-site Scripting vulnerability in Ucms Project Ucms 1.4.7 UCMS 1.4.7 has XSS via the dir parameter in an index.php sadmin_fileedit action. | 4.8 |
| 2018-12-30 | CVE-2018-20594 | Cross-site Scripting vulnerability in Hsweb 3.0.4 An issue was discovered in hsweb 3.0.4. | 6.1 |
| 2018-12-30 | CVE-2018-20590 | Cross-site Scripting vulnerability in Generic Content Management System Project Generic Content Management System Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/users.php user ID. | 4.8 |
| 2018-12-30 | CVE-2018-20589 | Cross-site Scripting vulnerability in Generic Content Management System Project Generic Content Management System Ivan Cordoba Generic Content Management System (CMS) through 2018-04-28 has XSS via the Administrator/add_pictures.php article ID. | 4.8 |
| 2018-12-30 | CVE-2018-20583 | Cross-site Scripting vulnerability in Thephpleague Commonmark Cross-site scripting (XSS) vulnerability in the PHP League CommonMark library versions 0.15.6 through 0.18.x before 0.18.1 allows remote attackers to insert unsafe URLs into HTML (even if allow_unsafe_links is false) via a newline character (e.g., writing javascript as javascri%0apt). | 6.1 |
| 2018-12-28 | CVE-2018-16638 | Cross-site Scripting vulnerability in Modx Evolution CMS Evolution CMS 1.4.x allows XSS via the manager/ search parameter. | 5.4 |
| 2018-12-28 | CVE-2018-16637 | Cross-site Scripting vulnerability in Modx Evolution CMS Evolution CMS 1.4.x allows XSS via the page weblink title parameter to the manager/ URI. | 5.4 |