Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-06 | CVE-2018-19927 | Cross-site Scripting vulnerability in Zenitel Ip-Stationweb Firmware Zenitel Norway IP-StationWeb before 4.2.3.9 allows stored XSS via the Display Name for Station Status or Account Settings, related to the goform/zForm_save_changes sip_nick parameter. | 3.5 |
| 2018-12-06 | CVE-2018-19926 | Cross-site Scripting vulnerability in Zenitel Ip-Stationweb Firmware Zenitel Norway IP-StationWeb before 4.2.3.9 allows reflected XSS via the goform/ PATH_INFO. | 4.3 |
| 2018-12-06 | CVE-2018-19924 | Cross-site Scripting vulnerability in Sales & Company Management System Project Sales & Company Management System An issue was discovered in Sales & Company Management System (SCMS) through 2018-06-06. | 4.3 |
| 2018-12-06 | CVE-2018-19922 | Cross-site Scripting vulnerability in Actiontec C1000A Firmware Persistent Cross-Site Scripting (XSS) in the advancedsetup_websiteblocking.html Website Blocking page of the Actiontec C1000A router with firmware through CAC004-31.30L.95 allows a remote attacker to inject arbitrary HTML into the Website Blocking page by inserting arbitrary HTML into the 'TodUrlAdd' URL parameter in a /urlfilter.cmd POST request. | 4.3 |
| 2018-12-06 | CVE-2018-19921 | Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager Zoho ManageEngine OpManager 12.3 before 123237 has XSS in the domain controller. | 4.3 |
| 2018-12-06 | CVE-2018-19919 | Cross-site Scripting vulnerability in Pixelimity 1.0 Pixelimity 1.0 has Persistent XSS via the admin/portfolio.php data[title] parameter, as demonstrated by a crafted onload attribute of an SVG element. | 3.5 |
| 2018-12-06 | CVE-2018-19915 | Cross-site Scripting vulnerability in Domainmod DomainMOD through 4.11.01 has XSS via the assets/edit/host.php Web Host Name or Web Host URL field. | 3.5 |
| 2018-12-06 | CVE-2018-19914 | Cross-site Scripting vulnerability in Domainmod DomainMOD through 4.11.01 has XSS via the assets/add/dns.php Profile Name or notes field. | 3.5 |
| 2018-12-06 | CVE-2018-19913 | Cross-site Scripting vulnerability in Domainmod DomainMOD through 4.11.01 has XSS via the assets/add/registrar-accounts.php UserName, Reseller ID, or notes field. | 3.5 |
| 2018-12-06 | CVE-2018-18362 | Cross-site Scripting vulnerability in Symantec Norton Password Manager Norton Password Manager for Android (formerly Norton Identity Safe) may be susceptible to a cross site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users. | 4.3 |