Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-28 | CVE-2018-20557 | Cross-site Scripting vulnerability in Douco Douphp 1.5 An issue was discovered in DouCo DouPHP 1.5 20181221. | 4.8 |
| 2018-12-28 | CVE-2018-20530 | Cross-site Scripting vulnerability in Website Seller Script Project Website Seller Script 2.0.5 PHP Scripts Mall Website Seller Script 2.0.5 has XSS via a Profile field such as Company Address, a related issue to CVE-2018-15896. | 5.4 |
| 2018-12-28 | CVE-2018-1000887 | Cross-site Scripting vulnerability in Peel Shopping 9.1.0 Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting java script code in the "Site Name EN" parameter. | 4.8 |
| 2018-12-28 | CVE-2018-1000629 | Cross-site Scripting vulnerability in Battelle V2I HUB 2.5.1 Battelle V2I Hub 2.5.1 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input by api/SystemConfigActions.php?action=add and the index.php script. | 6.1 |
| 2018-12-27 | CVE-2018-20524 | Cross-site Scripting vulnerability in Urlchatbox Chat Anywhere 2.4.0 The Chat Anywhere extension 2.4.0 for Chrome allows XSS via crafted use of <<a> in a message, because a danmuWrapper DIV element in chatbox-only\danmu.js is outside the scope of a Content Security Policy (CSP). | 6.1 |
| 2018-12-27 | CVE-2018-20520 | Cross-site Scripting vulnerability in 1234N Minicms 1.10 MiniCMS V1.10 has XSS via the mc-admin/post-edit.php query string, a related issue to CVE-2018-10296 and CVE-2018-16233. | 6.1 |
| 2018-12-26 | CVE-2018-19799 | Cross-site Scripting vulnerability in Dolibarr Dolibarr ERP/CRM through 8.0.3 has /exports/export.php?datatoexport= XSS. | 6.1 |
| 2018-12-26 | CVE-2018-19615 | Cross-site Scripting vulnerability in Rockwellautomation Powermonitor 1000 Firmware 1408Em3Aentb Rockwell Automation Allen-Bradley PowerMonitor 1000 all versions. | 6.1 |
| 2018-12-26 | CVE-2018-20486 | Cross-site Scripting vulnerability in Metinfo MetInfo 6.x through 6.1.3 has XSS via the /admin/login/login_check.php url_array[] parameter. | 6.1 |
| 2018-12-26 | CVE-2018-20485 | Cross-site Scripting vulnerability in Zohocorp Manageengine Adselfservice Plus Zoho ManageEngine ADSelfService Plus 5.7 before build 5702 has XSS in the employee search feature. | 6.1 |