Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-03 | CVE-2018-18909 | Cross-site Scripting vulnerability in Xheditor 1.2.2 xhEditor 1.2.2 allows XSS via JavaScript code in the SRC attribute of an IFRAME element within the editor's source-code view. | 6.1 |
| 2018-11-02 | CVE-2017-1609 | Cross-site Scripting vulnerability in IBM Rational Quality Manager IBM Quality Manager (RQM) 5.0 through 5.0.2 and 6.0 through 6.0.6 are vulnerable to cross-site scripting. | 5.4 |
| 2018-11-01 | CVE-2018-6906 | Cross-site Scripting vulnerability in Rainmachine web Application A persistent Cross Site Scripting (XSS) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to inject arbitrary JavaScript via the REST API. | 6.1 |
| 2018-11-01 | CVE-2018-18776 | Cross-site Scripting vulnerability in Microstrategy web 7 Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the admin/admin.asp ShowAll parameter. | 6.1 |
| 2018-11-01 | CVE-2018-18775 | Cross-site Scripting vulnerability in Microstrategy web 7 Microstrategy Web, version 7, does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability via the Login.asp Msg parameter. | 6.1 |
| 2018-11-01 | CVE-2018-10586 | Cross-site Scripting vulnerability in Netgain-Systems Enterprise Manager 10.0.57 NetGain Enterprise Manager (EM) is affected by multiple Stored Cross-Site Scripting (XSS) vulnerabilities in versions before 10.1.12. | 4.8 |
| 2018-10-31 | CVE-2018-15707 | Cross-site Scripting vulnerability in Advantech Webaccess 8.3.1/8.3.2 Advantech WebAccess 8.3.1 and 8.3.2 are vulnerable to cross-site scripting in the Bwmainleft.asp page. | 5.4 |
| 2018-10-31 | CVE-2018-18868 | Cross-site Scripting vulnerability in No-Cms Project No-Cms 1.1.3 No-CMS 1.1.3 is prone to Persistent XSS via a contact_us name parameter, as demonstrated by the VG48Z5PqVWname parameter. | 6.1 |
| 2018-10-30 | CVE-2018-16468 | Cross-site Scripting vulnerability in multiple products In the Loofah gem for Ruby, through v2.2.2, unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | 5.4 |
| 2018-10-30 | CVE-2018-17783 | Cross-site Scripting vulnerability in Mantisbt A cross-site scripting (XSS) vulnerability in the Edit Filter page (manage_filter_edit page.php) in MantisBT 2.1.0 through 2.17.1 allows remote attackers (if access rights permit it) to inject arbitrary code (if CSP settings permit it) through a crafted project name. | 5.4 |