Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-26 | CVE-2018-13312 | Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8 Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "Input your notice URL" field. | 6.1 |
| 2018-11-26 | CVE-2018-13310 | Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8 Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username. | 6.1 |
| 2018-11-26 | CVE-2018-13309 | Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8 Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password. | 6.1 |
| 2018-11-26 | CVE-2018-13308 | Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8 Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field. | 6.1 |
| 2018-11-26 | CVE-2018-18807 | Cross-site Scripting vulnerability in Tibco Statistica Server 13.3.0/13.4.0 The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks. | 5.4 |
| 2018-11-26 | CVE-2018-19564 | Cross-site Scripting vulnerability in Goldplugins Easy Testimonials 3.2 Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. | 6.1 |
| 2018-11-26 | CVE-2018-19554 | Cross-site Scripting vulnerability in Dotcms An issue was discovered in Dotcms through 5.0.3. | 5.4 |
| 2018-11-26 | CVE-2018-19547 | Cross-site Scripting vulnerability in Jtbc PHP 3.0.1.7 JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter. | 6.1 |
| 2018-11-26 | CVE-2018-19546 | Cross-site Scripting vulnerability in Jtbc PHP 3.0.1.7 JTBC(PHP) 3.0.1.7 has CSRF via the console/xml/manage.php?type=action&action=edit URI, as demonstrated by an XSS payload in the content parameter. | 8.8 |
| 2018-11-23 | CVE-2018-19469 | Cross-site Scripting vulnerability in Articlecms Project Articlecms 1.0/20170219 ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter. | 6.1 |