Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-11 | CVE-2018-2502 | Cross-site Scripting vulnerability in SAP Business ONE ON Hana 9.2/9.3 TRACE method is enabled in SAP Business One Service Layer . | 4.3 |
| 2018-12-11 | CVE-2018-2486 | Cross-site Scripting vulnerability in SAP Marketing Sapscore and Marketing Uicuan SAP Marketing (UICUAN (1.20, 1.30, 1.40), SAPSCORE (1.13, 1.14)) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 3.5 |
| 2018-12-11 | CVE-2018-19970 | Cross-site Scripting vulnerability in multiple products In phpMyAdmin before 4.8.4, an XSS vulnerability was found in the navigation tree, where an attacker can deliver a payload to a user through a crafted database/table name. | 4.3 |
| 2018-12-11 | CVE-2018-1900 | Cross-site Scripting vulnerability in IBM Curam Social Program Management IBM Curam Social Program Management 6.0.5, 6.1.1, 6.2.0, 7.0.1, and 7.0.3 is vulnerable to cross-site scripting. | 3.5 |
| 2018-12-10 | CVE-2018-16636 | Cross-site Scripting vulnerability in Nucleuscms Nucleus CMS 3.70 Nucleus CMS 3.70 allows HTML Injection via the index.php body parameter. | 4.0 |
| 2018-12-10 | CVE-2018-16635 | Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3.2 Blackcat CMS 1.3.2 allows XSS via the willkommen.php?lang=DE page title at backend/pages/modify.php. | 3.5 |
| 2018-12-10 | CVE-2018-1671 | Cross-site Scripting vulnerability in IBM Curam Social Program Management 7.0.3.0 IBM Curam Social Program Management 7.0.3 is vulnerable to HTML injection. | 4.3 |
| 2018-12-10 | CVE-2018-20017 | Cross-site Scripting vulnerability in Sem-Cms Semcms 3.5 SEMCMS 3.5 has XSS via the first text box to the SEMCMS_Main.php URI. | 3.5 |
| 2018-12-10 | CVE-2018-20012 | Cross-site Scripting vulnerability in PHPcmf 4.1.3 PHPCMF 4.1.3 has XSS via the first input field to the index.php?s=member&c=register&m=index URI. | 3.5 |
| 2018-12-10 | CVE-2018-20011 | Cross-site Scripting vulnerability in Domainmod DomainMOD 4.11.01 has XSS via the assets/add/category.php Category Name or Stakeholder field. | 3.5 |