Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-12 | CVE-2018-17952 | Cross-site Scripting vulnerability in Microfocus Edirectory Cross site scripting vulnerability in eDirectory prior to 9.1 SP2 | 6.1 |
| 2018-12-12 | CVE-2018-17949 | Cross-site Scripting vulnerability in Microfocus Imanager Cross site scripting vulnerability in iManager prior to 3.1 SP2. | 6.1 |
| 2018-12-12 | CVE-2018-8652 | Cross-site Scripting vulnerability in Microsoft Windows Azure Pack Rollup 13.1 A Cross-site Scripting (XSS) vulnerability exists when Windows Azure Pack does not properly sanitize user-provided input, aka "Windows Azure Pack Cross Site Scripting Vulnerability." This affects Windows Azure Pack Rollup 13.1. | 5.4 |
| 2018-12-12 | CVE-2018-8651 | Cross-site Scripting vulnerability in Microsoft Dynamics NAV 2016/2017 A cross site scripting vulnerability exists when Microsoft Dynamics NAV does not properly sanitize a specially crafted web request to an affected Dynamics NAV server, aka "Microsoft Dynamics NAV Cross Site Scripting Vulnerability." This affects Microsoft Dynamics NAV. | 5.4 |
| 2018-12-11 | CVE-2018-2505 | Cross-site Scripting vulnerability in SAP Hybris SAP Commerce does not sufficiently validate user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability in storefronts that are based on the product. | 6.1 |
| 2018-12-11 | CVE-2018-2504 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java SAP NetWeaver AS Java Web Container service does not validate against whitelist the HTTP host header which can result in HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2018-12-11 | CVE-2018-2502 | Cross-site Scripting vulnerability in SAP Business ONE on Hana 9.2/9.3 TRACE method is enabled in SAP Business One Service Layer . | 6.1 |
| 2018-12-11 | CVE-2018-2486 | Cross-site Scripting vulnerability in SAP Marketing Sapscore and Marketing Uicuan SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 5.4 |
| 2018-12-11 | CVE-2018-19970 | Cross-site Scripting vulnerability in multiple products In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. | 6.1 |
| 2018-12-11 | CVE-2018-1900 | Cross-site Scripting vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. | 5.4 |