Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-12-24 CVE-2018-20418 Cross-site Scripting vulnerability in Craftcms Craft CMS 3.0.25
index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab.
network
low complexity
craftcms CWE-79
4.8
4.8
2018-12-23 CVE-2018-20379 Cross-site Scripting vulnerability in Technicolor Dpc3928Sl Firmware D3928Slpsip13A010C3420R55105160428A
Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001.
network
high complexity
technicolor CWE-79
4.7
4.7
2018-12-23 CVE-2018-20373 Cross-site Scripting vulnerability in Tendacn Adsl Firmware 1.0.1
Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client.
network
low complexity
tendacn CWE-79
5.4
5.4
2018-12-23 CVE-2018-20372 Cross-site Scripting vulnerability in Tp-Link Td-W8961Nd Firmware 1.0.1
TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client.
network
low complexity
tp-link CWE-79
5.4
5.4
2018-12-23 CVE-2018-20370 Cross-site Scripting vulnerability in The-Sz Netchat 7.8
SZ NetChat before 7.9 has XSS in the MyName input field of the Options module.
network
low complexity
the-sz CWE-79
5.4
5.4
2018-12-23 CVE-2018-20369 Cross-site Scripting vulnerability in Barracuda Message Archiver 2018
Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module.
network
low complexity
barracuda CWE-79
6.1
6.1
2018-12-23 CVE-2018-20368 Cross-site Scripting vulnerability in Averta Master Slider 3.2.7/3.5.1
The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback.
network
low complexity
averta CWE-79
5.4
5.4
2018-12-22 CVE-2018-20367 Cross-site Scripting vulnerability in Wstmart 2.0.8181212
The "mall some commodity details: commodity consultation" component in WSTMart 2.0.8_181212 has stored XSS via the consultContent parameter, as demonstrated by the index.php/home/goodsconsult/add.html URI.
network
low complexity
wstmart CWE-79
6.1
6.1
2018-12-22 CVE-2018-20351 Cross-site Scripting vulnerability in Evernote
The Markdown component in Evernote (Chinese) before 8.3.2 on macOS allows stored XSS, aka MAC-832.
network
low complexity
evernote CWE-79
6.1
6.1
2018-12-21 CVE-2018-20322 Cross-site Scripting vulnerability in Limesurvey
LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators.
network
low complexity
limesurvey CWE-79
6.1
6.1