Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-01-31 | CVE-2019-7250 | Cross-site Scripting vulnerability in Cross Reference Project Cross Reference 36 An issue was discovered in the Cross Reference Add-on 36 for Google Docs. | 4.3 |
2019-01-30 | CVE-2019-3911 | Cross-site Scripting vulnerability in Labkey Server Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints. | 6.1 |
2019-01-30 | CVE-2019-1566 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. | 6.1 |
2019-01-30 | CVE-2019-1565 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. | 3.5 |
2019-01-30 | CVE-2018-19782 | Cross-site Scripting vulnerability in Freshrss 1.11.1 Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter. | 4.3 |
2019-01-30 | CVE-2018-12611 | Cross-site Scripting vulnerability in Open-Xchange Appsuite OX App Suite 7.8.4 and earlier allows Directory Traversal. | 4.3 |
2019-01-29 | CVE-2019-7173 | Cross-site Scripting vulnerability in Croogo A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4. | 3.5 |
2019-01-29 | CVE-2019-7172 | Cross-site Scripting vulnerability in Atutor A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php. | 4.3 |
2019-01-29 | CVE-2019-7171 | Cross-site Scripting vulnerability in Croogo A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8. | 3.5 |
2019-01-29 | CVE-2019-7170 | Cross-site Scripting vulnerability in Croogo A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies. | 3.5 |