Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK

2018-11-27 CVE-2018-13333 Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03
Cross-site scripting in File Manager in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript in the permissions window by placing JavaScript in users' usernames.
Risk: network, low complexity; terra-master CWE-79; 6.1

2018-11-27 CVE-2018-13331 Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03
Cross-site scripting in Control Panel in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript when viewing users by placing JavaScript in their usernames.
Risk: network, low complexity; terra-master CWE-79; 6.1

2018-11-27 CVE-2018-13334 Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03
Cross-site scripting in handle.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "options[sysname]" parameter.
Risk: network, low complexity; terra-master CWE-79; 6.1

2018-11-27 CVE-2018-13329 Cross-site Scripting vulnerability in Terra-Master Terramaster Operating System 3.1.03
Cross-site scripting in ajaxdata.php in TerraMaster TOS version 3.1.03 allows attackers to execute JavaScript via the "lines" URL parameter.
Risk: network, low complexity; terra-master CWE-79; 6.1

2018-11-27 CVE-2018-13022 Cross-site Scripting vulnerability in MI Miwifi OS 2.22.15
Cross-site scripting vulnerability in the API 404 page on Xiaomi Mi Router 3 version 2.22.15 allows attackers to execute arbitrary JavaScript via a modified URL path.
Risk: network, low complexity; mi CWE-79; 6.1

2018-11-27 CVE-2018-17256 Cross-site Scripting vulnerability in Umbraco CMS 7.12.3
Persistent cross-site scripting (XSS) vulnerability in Umbraco CMS 7.12.3 allows authenticated users to inject arbitrary web script via the Header Name of a content (Blog, Content Page, etc.).
Risk: network, low complexity; umbraco CWE-79; 4.8

2018-11-27 CVE-2018-12241 Cross-site Scripting vulnerability in Symantec Security Analytics
The Symantec Security Analytics (SA) 7.x prior to 7.3.4 Web UI is susceptible to a reflected cross-site scripting (XSS) vulnerability.
Risk: network, low complexity; symantec CWE-79; 6.1

2018-11-27 CVE-2018-16096 Cross-site Scripting vulnerability in Lenovo System Management Module Firmware 1.05
In System Management Module (SMM) versions prior to 1.06, the SMM web interface for changing Enclosure VPD fails to sufficiently sanitize all input for HTML tags, possibly opening a path for cross-site scripting.
Risk: network, low complexity; lenovo CWE-79; 6.1

2018-11-26 CVE-2018-13323 Cross-site Scripting vulnerability in Buffalo Ts5600D1206 Firmware 3.610.10
Cross-site scripting in detail.html in Buffalo TS5600D1206 version 3.61-0.10 allows attackers to execute JavaScript via the "username" cookie.
Risk: network, low complexity; buffalo CWE-79; 6.1

2018-11-26 CVE-2018-13317 Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8
Password disclosure in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to obtain the plaintext password for the admin user by making a GET request for password.htm.
Risk: network, low complexity; totolink CWE-79; 6.1