Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2019-01-31	CVE-2019-7250	Cross-site Scripting vulnerability in Cross Reference Project Cross Reference 36 An issue was discovered in the Cross Reference Add-on 36 for Google Docs. network cross-reference-project CWE-79	4.3
2019-01-30	CVE-2019-3911	Cross-site Scripting vulnerability in Labkey Server Reflected cross-site scripting (XSS) vulnerability in LabKey Server Community Edition before 18.3.0-61806.763 allows an unauthenticated remote attacker to inject arbitrary javascript via the onerror parameter in the /__r2/query endpoints. network low complexity labkey CWE-79	6.1
2019-01-30	CVE-2019-1566	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os The PAN-OS management web interface in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an unauthenticated attacker to inject arbitrary JavaScript or HTML. network low complexity paloaltonetworks CWE-79	6.1
2019-01-30	CVE-2019-1565	Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os The PAN-OS external dynamics lists in PAN-OS 7.1.21 and earlier, PAN-OS 8.0.14 and earlier, and PAN-OS 8.1.5 and earlier, may allow an attacker that is authenticated in Next Generation Firewall with write privileges to External Dynamic List configuration to inject arbitrary JavaScript or HTML. network paloaltonetworks CWE-79	3.5
2019-01-30	CVE-2018-19782	Cross-site Scripting vulnerability in Freshrss 1.11.1 Multiple cross-site scripting (XSS) vulnerabilities in GET requests in FreshRSS 1.11.1 allow remote attackers to inject arbitrary web script or HTML via the (1) c parameter or (2) a parameter. network freshrss CWE-79	4.3
2019-01-30	CVE-2018-12611	Cross-site Scripting vulnerability in Open-Xchange Appsuite OX App Suite 7.8.4 and earlier allows Directory Traversal. network open-xchange CWE-79	4.3
2019-01-29	CVE-2019-7173	Cross-site Scripting vulnerability in Croogo A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/file-manager/attachments/edit/4. network croogo CWE-79	3.5
2019-01-29	CVE-2019-7172	Cross-site Scripting vulnerability in Atutor A stored-self XSS exists in ATutor through v2.2.4, allowing an attacker to execute HTML or JavaScript code in a vulnerable Real Name field to /mods/_core/users/admins/my_edit.php. network atutor CWE-79	4.3
2019-01-29	CVE-2019-7171	Cross-site Scripting vulnerability in Croogo A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/blocks/blocks/edit/8. network croogo CWE-79	3.5
2019-01-29	CVE-2019-7170	Cross-site Scripting vulnerability in Croogo A stored-self XSS exists in Croogo through v3.0.5, allowing an attacker to execute HTML or JavaScript code in a vulnerable Title field to /admin/taxonomy/vocabularies. network croogo CWE-79	3.5