Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-12-05 CVE-2018-19877 Cross-site Scripting vulnerability in Adiscon Loganalyzer
login.php in Adiscon LogAnalyzer before 4.1.7 has XSS via the Login Button Referer field.
network
adiscon CWE-79
4.3
4.3
2018-12-05 CVE-2018-1728 Cross-site Scripting vulnerability in IBM Qradar Incident Forensics
IBM QRadar SIEM 7.2 and 7.3 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5
3.5
2018-12-04 CVE-2018-18642 Cross-site Scripting vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3.
network
gitlab CWE-79
4.3
4.3
2018-12-04 CVE-2018-18991 Cross-site Scripting vulnerability in Spidercontrol Scada Webserver
Reflected cross-site scripting (non-persistent) in SCADA WebServer (Versions prior to 2.03.0001) could allow an attacker to send a crafted URL that contains JavaScript, which can be reflected off the web application to the victim's browser. 		4.3
4.3
2018-12-04 CVE-2018-12319 Cross-site Scripting vulnerability in Asustor Data Master 3.1.1
Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title.
network
low complexity
asustor CWE-79
5.0
5.0
2018-12-04 CVE-2018-12311 Cross-site Scripting vulnerability in Asustor Data Master 3.1.1
Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename.
network
asustor CWE-79
3.5
3.5
2018-12-04 CVE-2018-12310 Cross-site Scripting vulnerability in Asustor Data Master 3.1.1
Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature.
network
asustor CWE-79
3.5
3.5
2018-12-04 CVE-2018-12305 Cross-site Scripting vulnerability in Asustor Data Master 3.1.1
Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript.
network
asustor CWE-79
4.3
4.3
2018-12-04 CVE-2018-11348 Cross-site Scripting vulnerability in Yunohost
Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application.
network
yunohost CWE-79
3.5
3.5
2018-12-04 CVE-2018-16633 Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.7
Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title.
network
pluck-cms CWE-79
3.5
3.5