Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-04 | CVE-2018-16633 | Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.7 Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title. | 3.5 |
| 2018-12-04 | CVE-2018-16631 | Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1 Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter. | 3.5 |
| 2018-12-04 | CVE-2018-16629 | Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1 panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. | 3.5 |
| 2018-12-04 | CVE-2018-16628 | Cross-site Scripting vulnerability in Getkirby Kirby 2.5.12 panel/login in Kirby v2.5.12 allows XSS via a blog name. | 3.5 |
| 2018-12-04 | CVE-2018-19849 | Cross-site Scripting vulnerability in Yzmcms 5.2 An issue was discovered in YzmCMS 5.2. | 3.5 |
| 2018-12-03 | CVE-2018-14704 | Cross-site Scripting vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 Cross-site scripting in the MySQL API error page in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via a malformed URL path. | 4.3 |
| 2018-12-03 | CVE-2018-14698 | Cross-site Scripting vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 Cross-site scripting in the /DroboAccess/delete_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the "username" URL parameter. | 4.3 |
| 2018-12-03 | CVE-2018-14697 | Cross-site Scripting vulnerability in Drobo 5N2 Firmware 4.0.513.28.96115 Cross-site scripting in the /DroboAccess/enable_user endpoint in Drobo 5N2 NAS version 4.0.5-13.28.96115 allows attackers to execute JavaScript via the username URL parameter. | 4.3 |
| 2018-12-03 | CVE-2018-19835 | Cross-site Scripting vulnerability in Metinfo 6.1.3 Metinfo 6.1.3 has reflected XSS via the admin/column/move.php lang_columnerr4 parameter. | 4.3 |
| 2018-12-03 | CVE-2018-1002009 | Cross-site Scripting vulnerability in Kibokolabs Arigato Autoresponder and Newsletter 2.5.1.8 There is a reflected XSS vulnerability in WordPress Arigato Autoresponder and News letter v2.5.1.8 This vulnerability requires administrative privileges to exploit. | 3.5 |