Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2018-12-17	CVE-2018-18247	Cross-site Scripting vulnerability in Icinga web 2 Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter. network low complexity icinga CWE-79	5.4
2018-12-17	CVE-2018-18245	Cross-site Scripting vulnerability in multiple products Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE. network low complexity nagios debian CWE-79	5.4
2018-12-17	CVE-2017-18352	Cross-site Scripting vulnerability in Google Rendertron 1.0.0 Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs. network low complexity google CWE-79	6.1
2018-12-14	CVE-2018-20153	Cross-site Scripting vulnerability in multiple products In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. network low complexity wordpress debian CWE-79	5.4
2018-12-14	CVE-2018-20150	Cross-site Scripting vulnerability in multiple products In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. network low complexity wordpress debian CWE-79	6.1
2018-12-14	CVE-2018-20149	Cross-site Scripting vulnerability in multiple products In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data. network low complexity wordpress debian CWE-79	5.4
2018-12-14	CVE-2018-1848	Cross-site Scripting vulnerability in IBM products IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. network low complexity ibm CWE-79	6.1
2018-12-13	CVE-2018-5411	Cross-site Scripting vulnerability in Pixar Tractor 2.0/2.1/2.2 Pixar's Tractor software, versions 2.2 and earlier, contain a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. network low complexity pixar CWE-79	5.4
2018-12-13	CVE-2018-19439	Cross-site Scripting vulnerability in Oracle Secure Global Desktop 4.4 XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). network low complexity oracle CWE-79	6.1
2018-12-13	CVE-2018-20138	Cross-site Scripting vulnerability in Readymadeb2Bscript Entrepreneur B2B Script 3.0.6 PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via Account Settings fields such as FirstName and LastName, a similar issue to CVE-2018-14541. network low complexity readymadeb2bscript CWE-79	5.4