Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-22 | CVE-2018-19464 | Cross-site Scripting vulnerability in Dismall Discuz! 3.4 Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code. | 4.8 |
| 2018-11-22 | CVE-2018-19433 | Cross-site Scripting vulnerability in Showdoc 2.4.1 ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value. | 6.1 |
| 2018-11-20 | CVE-2018-18864 | Cross-site Scripting vulnerability in Loadbalancer Enterprise VA MAX Loadbalancer.org Enterprise VA MAX before 8.3.3 has XSS because Apache HTTP Server logs are displayed. | 9.6 |
| 2018-11-20 | CVE-2018-18774 | Cross-site Scripting vulnerability in Control-Webpanel Webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through 0.9.8.740 allows XSS via the admin/index.php module parameter. | 6.1 |
| 2018-11-20 | CVE-2018-18716 | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 11.4/11.5/12.3 Zoho ManageEngine OpManager 12.3 before 123219 has a Self XSS Vulnerability. | 6.1 |
| 2018-11-20 | CVE-2018-18715 | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3 Zoho ManageEngine OpManager 12.3 before 123219 has stored XSS. | 6.1 |
| 2018-11-18 | CVE-2018-19352 | Cross-site Scripting vulnerability in Jupyter Notebook Jupyter Notebook before 5.7.2 allows XSS via a crafted directory name because notebook/static/tree/js/notebooklist.js handles certain URLs unsafely. | 6.1 |
| 2018-11-18 | CVE-2018-19351 | Cross-site Scripting vulnerability in Jupyter Notebook Jupyter Notebook before 5.7.1 allows XSS via an untrusted notebook because nbconvert responses are considered to have the same origin as the notebook server. | 6.1 |
| 2018-11-17 | CVE-2018-19350 | Cross-site Scripting vulnerability in Seacms 6.64 In SeaCMS v6.6.4, there is stored XSS via the member.php?action=chgpwdsubmit email parameter during a password change, as demonstrated by a data: URL in an OBJECT element. | 5.4 |
| 2018-11-17 | CVE-2018-19340 | Cross-site Scripting vulnerability in Guriddo Form PHP 5.3 Guriddo Form PHP 5.3 has XSS via the demos/jqform/defaultnodb/default.php OrderID, ShipName, ShipAddress, ShipCity, ShipPostalCode, ShipCountry, Freight, or details parameter. | 6.1 |