Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-17 | CVE-2018-18247 | Cross-site Scripting vulnerability in Icinga web 2 Icinga Web 2 before 2.6.2 has XSS via the /icingaweb2/navigation/add icon parameter. | 3.5 |
| 2018-12-17 | CVE-2018-18245 | Cross-site Scripting vulnerability in multiple products Nagios Core 4.4.2 has XSS via the alert summary reports of plugin results, as demonstrated by a SCRIPT element delivered by a modified check_load plugin to NRPE. | 3.5 |
| 2018-12-17 | CVE-2017-18352 | Cross-site Scripting vulnerability in Google Rendertron 1.0.0 Error reporting within Rendertron 1.0.0 allows reflected Cross Site Scripting (XSS) from invalid URLs. | 4.3 |
| 2018-12-14 | CVE-2018-20153 | Cross-site Scripting vulnerability in Wordpress In WordPress before 4.9.9 and 5.x before 5.0.1, contributors could modify new comments made by users with greater privileges, possibly causing XSS. | 3.5 |
| 2018-12-14 | CVE-2018-20150 | Cross-site Scripting vulnerability in Wordpress In WordPress before 4.9.9 and 5.x before 5.0.1, crafted URLs could trigger XSS for certain use cases involving plugins. | 4.3 |
| 2018-12-14 | CVE-2018-20149 | Cross-site Scripting vulnerability in Wordpress In WordPress before 4.9.9 and 5.x before 5.0.1, when the Apache HTTP Server is used, authors could upload crafted files that bypass intended MIME type restrictions, leading to XSS, as demonstrated by a .jpg file without JPEG data. | 3.5 |
| 2018-12-14 | CVE-2018-1848 | Cross-site Scripting vulnerability in IBM products IBM Business Automation Workflow 18.0.0.0 and 18.0.0.1 is vulnerable to cross-site scripting. | 4.3 |
| 2018-12-13 | CVE-2018-5411 | Cross-site Scripting vulnerability in Pixar Tractor 2.0/2.1/2.2 Pixar's Tractor software, versions 2.2 and earlier, contain a stored cross-site scripting vulnerability in the field that allows a user to add a note to an existing node. | 3.5 |
| 2018-12-13 | CVE-2018-19439 | Cross-site Scripting vulnerability in Oracle Secure Global Desktop 4.4 XSS exists in the Administration Console in Oracle Secure Global Desktop 4.4 20080807152602 (but was fixed in later versions including 5.4). | 4.3 |
| 2018-12-13 | CVE-2018-20138 | Cross-site Scripting vulnerability in Readymadeb2Bscript Entrepreneur B2B Script 3.0.6 PHP Scripts Mall Entrepreneur B2B Script 3.0.6 allows Stored XSS via Account Settings fields such as FirstName and LastName, a similar issue to CVE-2018-14541. | 3.5 |