Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-06 | CVE-2018-1871 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager for Digital Payments for Multi-Platform 3.0.0, 3.0.2, and 3.0.5 is vulnerable to cross-site scripting. | 5.4 |
| 2018-12-06 | CVE-2018-19892 | Cross-site Scripting vulnerability in Domainmod DomainMOD through 4.11.01 has XSS via the admin/dw/add-server.php DisplayName, HostName, or UserName field. | 4.8 |
| 2018-12-05 | CVE-2018-19877 | Cross-site Scripting vulnerability in Adiscon Loganalyzer login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field. | 6.1 |
| 2018-12-05 | CVE-2018-1728 | Cross-site Scripting vulnerability in IBM Qradar Incident Forensics IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting. | 5.4 |
| 2018-12-04 | CVE-2018-18642 | Cross-site Scripting vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. | 6.1 |
| 2018-12-04 | CVE-2018-18991 | Cross-site Scripting vulnerability in Spidercontrol Scada Webserver 2.02.0007 Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser. | 6.1 |
| 2018-12-04 | CVE-2018-12319 | Cross-site Scripting vulnerability in Asustor Data Master 3.1.1 Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title. | 7.5 |
| 2018-12-04 | CVE-2018-12311 | Cross-site Scripting vulnerability in Asustor Data Master 3.1.1 Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename. | 5.4 |
| 2018-12-04 | CVE-2018-12310 | Cross-site Scripting vulnerability in Asustor Data Master 3.1.1 Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature. | 5.4 |
| 2018-12-04 | CVE-2018-12305 | Cross-site Scripting vulnerability in Asustor Data Master 3.1.1 Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript. | 6.1 |