Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-11-11 CVE-2018-19178 Cross-site Scripting vulnerability in Jeesns 1.3
In JEESNS 1.3, com/lxinet/jeesns/core/utils/XssHttpServletRequestWrapper.java allows stored XSS via an HTML EMBED element, a different vulnerability than CVE-2018-17886.
network
low complexity
jeesns CWE-79
5.4
5.4
2018-11-11 CVE-2018-19170 Cross-site Scripting vulnerability in Jpress 1.0
In JPress v1.0-rc.5, there is stored XSS via each of the first three input fields to the starter-tomcat-1.0/admin/setting URI, as demonstrated by the web_name parameter.
network
low complexity
jpress CWE-79
4.8
4.8
2018-11-11 CVE-2018-19142 Cross-site Scripting vulnerability in Otrs Open Ticket Request System
Open Ticket Request System (OTRS) 6.0.x before 6.0.13 allows an admin to conduct an XSS attack via a modified URL.
network
low complexity
otrs CWE-79
4.8
4.8
2018-11-11 CVE-2018-19141 Cross-site Scripting vulnerability in multiple products
Open Ticket Request System (OTRS) 4.0.x before 4.0.33 and 5.0.x before 5.0.31 allows an admin to conduct an XSS attack via a modified URL because user and customer preferences are mishandled.
network
low complexity
otrs debian CWE-79
4.8
4.8
2018-11-09 CVE-2018-19145 Cross-site Scripting vulnerability in S-Cms 1.5
An issue was discovered in S-CMS v1.5.
network
low complexity
s-cms CWE-79
6.1
6.1
2018-11-09 CVE-2018-19137 Cross-site Scripting vulnerability in Domainmod
DomainMOD through 4.11.01 has XSS via the assets/edit/ip-address.php ipid parameter.
network
low complexity
domainmod CWE-79
6.1
6.1
2018-11-09 CVE-2018-19136 Cross-site Scripting vulnerability in Domainmod
DomainMOD through 4.11.01 has XSS via the assets/edit/registrar-account.php raid parameter.
network
low complexity
domainmod CWE-79
6.1
6.1
2018-11-09 CVE-2018-1872 Cross-site Scripting vulnerability in IBM Maximo Asset Management 7.6
IBM Maximo Asset Management 7.6 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2018-11-09 CVE-2018-19131 Cross-site Scripting vulnerability in Squid-Cache Squid
Squid before 4.4 has XSS via a crafted X.509 certificate during HTTP(S) error page generation for certificate errors.
network
low complexity
squid-cache CWE-79
6.1
6.1
2018-11-08 CVE-2018-15451 Cross-site Scripting vulnerability in Cisco Prime Service Catalog 12.1
A vulnerability in the web-based management interface of Cisco Prime Service Catalog could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface.
network
low complexity
cisco CWE-79
5.4
5.4