Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-12-10 CVE-2018-16636 Cross-site Scripting vulnerability in Nucleuscms Nucleus CMS 3.70
Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter.
network
low complexity
nucleuscms CWE-79
6.5
6.5
2018-12-10 CVE-2018-16635 Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.2
Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php.
network
low complexity
blackcat-cms CWE-79
5.4
5.4
2018-12-10 CVE-2018-1671 Cross-site Scripting vulnerability in IBM Curam Social Program Management 7.0.3.0
IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection.
network
low complexity
ibm CWE-79
6.1
6.1
2018-12-10 CVE-2018-20017 Cross-site Scripting vulnerability in Sem-Cms Semcms 3.5
SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI.
network
low complexity
sem-cms CWE-79
4.8
4.8
2018-12-10 CVE-2018-20012 Cross-site Scripting vulnerability in PHPcmf 4.1.3
PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI.
network
low complexity
phpcmf CWE-79
4.8
4.8
2018-12-10 CVE-2018-20011 Cross-site Scripting vulnerability in Domainmod
DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field.
network
low complexity
domainmod CWE-79
4.8
4.8
2018-12-10 CVE-2018-20010 Cross-site Scripting vulnerability in Domainmod
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider-account.php username field.
network
low complexity
domainmod CWE-79
4.8
4.8
2018-12-10 CVE-2018-20009 Cross-site Scripting vulnerability in Domainmod
DomainMOD 4.11.01 has XSS via the assets/add/ssl-provider.php SSL Provider Name or SSL Provider URL field.
network
low complexity
domainmod CWE-79
4.8
4.8
2018-12-10 CVE-2018-20006 Cross-site Scripting vulnerability in PHPok 5.0.055
An issue was discovered in PHPok v5.0.055.
network
low complexity
phpok CWE-79
6.1
6.1
2018-12-07 CVE-2018-16861 Cross-site Scripting vulnerability in Theforeman Foreman
A cross-site scripting (XSS) flaw was found in the foreman component of satellite.
network
low complexity
theforeman CWE-79
4.8
4.8