Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2019-03-05 CVE-2019-9570 Cross-site Scripting vulnerability in Yzmcms 5.2.0
An issue was discovered in YzmCMS 5.2.0.
network
yzmcms CWE-79
3.5
3.5
2019-03-04 CVE-2017-15515 Cross-site Scripting vulnerability in Netapp Snapcenter Server
NetApp SnapCenter Server prior to 4.0 is susceptible to cross site scripting vulnerability that could allow a privileged user to inject arbitrary scripts into the custom secondary policy label field.
network
netapp CWE-79
3.5
3.5
2019-03-04 CVE-2019-9567 Cross-site Scripting vulnerability in Incsub Forminator
The "Forminator Contact Form, Poll & Quiz Builder" plugin before 1.6 for WordPress has XSS via a custom input field of a poll.
network
low complexity
incsub CWE-79
6.1
6.1
2019-03-04 CVE-2019-9551 Cross-site Scripting vulnerability in Wdoyo Doyocms 2.3
An issue was discovered in DOYO (aka doyocms) 2.3 through 2015-05-06.
network
wdoyo CWE-79
3.5
3.5
2019-03-03 CVE-2019-9550 Cross-site Scripting vulnerability in Dhcms Project Dhcms 20170918
DhCms through 2017-09-18 has admin.php?r=admin/Index/index XSS. 		3.5
3.5
2019-03-02 CVE-2019-8279 Cross-site Scripting vulnerability in Vanillaforums Vanilla Forums
Multiple stored XSS in Vanilla Forums before 2.5 allow remote attackers to inject arbitrary JavaScript code into any message on forum. 		3.5
3.5
2019-03-02 CVE-2019-8278 Cross-site Scripting vulnerability in Invisioncommunity Invision Power Board 3.4.7/3.4.8
Stored XSS in Invision Power Board versions 3.3.1 - 3.4.8 leads to Remote Code Execution. 		4.3
4.3
2019-02-28 CVE-2019-9226 Cross-site Scripting vulnerability in Baigo CMS 2.1.1
An issue was discovered in baigo CMS 2.1.1.
network
baigo CWE-79
4.3
4.3
2019-02-27 CVE-2018-20244 Cross-site Scripting vulnerability in Apache Airflow
In Apache Airflow before 1.10.2, a malicious admin user could edit the state of objects in the Airflow metadata database to execute arbitrary javascript on certain page views.
network
low complexity
apache CWE-79
5.5
5.5
2019-02-27 CVE-2019-8410 Cross-site Scripting vulnerability in Maccms
Maccms 8.0 allows XSS via the inc/config/cache.php t_key parameter because template/paody/html/vod_type.html mishandles the keywords parameter, and a/tpl/module/db.php only filters the t_name parameter (not t_key).
network
maccms CWE-79
4.3
4.3