Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-17 | CVE-2018-19324 | Cross-site Scripting vulnerability in Kimsq RB 2.3.0 kimsQ Rb 2.3.0 allows XSS via the second input field to the /?r=home&mod=mypage&page=info URI. | 5.4 |
| 2018-11-16 | CVE-2018-19311 | Cross-site Scripting vulnerability in Centreon 3.4.0/3.4.1/3.4.6 Centreon 3.4.x (fixed in Centreon 18.10.0) allows XSS via the Service field to the main.php?p=20201 URI, as demonstrated by the "Monitoring > Status Details > Services" screen. | 5.4 |
| 2018-11-15 | CVE-2018-19301 | Cross-site Scripting vulnerability in Tp4A Teleport 3.1.0 tp4a TELEPORT 3.1.0 allows XSS via the login page because a crafted username is mishandled when an administrator later views the system log. | 6.1 |
| 2018-11-15 | CVE-2018-16619 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager Sonatype Nexus Repository Manager before 3.14 allows XSS. | 6.1 |
| 2018-11-15 | CVE-2018-14935 | Cross-site Scripting vulnerability in Polycom Trio 8500 Firmware 5.5.2/5.5.3 The Web administration console on Polycom Trio devices with software before 5.5.4 has XSS. | 6.1 |
| 2018-11-15 | CVE-2018-1643 | Cross-site Scripting vulnerability in IBM Websphere Application Server The Installation Verification Tool of IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | 6.1 |
| 2018-11-15 | CVE-2018-0699 | Cross-site Scripting vulnerability in Hyuki Yukiwiki Cross-site scripting vulnerability in YukiWiki 2.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2018-11-15 | CVE-2018-0697 | Cross-site Scripting vulnerability in Metabase Cross-site scripting vulnerability in Metabase version 0.29.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2018-11-15 | CVE-2018-0695 | Cross-site Scripting vulnerability in Usvn Cross-site scripting vulnerability in User-friendly SVN (USVN) Version 1.0.7 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2018-11-15 | CVE-2018-0687 | Cross-site Scripting vulnerability in NEO Debun Imap and Debun POP Cross-site scripting vulnerability in Denbun by NEOJAPAN Inc. | 6.1 |