Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2019-09-16 CVE-2019-8368 Cross-site Scripting vulnerability in Open-Emr Openemr 5.0.16
OpenEMR v5.0.1-6 allows XSS.
network
open-emr CWE-79
4.3
4.3
2019-09-16 CVE-2019-15739 Cross-site Scripting vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1.
network
gitlab CWE-79
4.3
4.3
2019-09-16 CVE-2019-15724 Cross-site Scripting vulnerability in Gitlab
An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1.
network
gitlab CWE-79
4.3
4.3
2019-09-16 CVE-2016-10973 Cross-site Scripting vulnerability in Brafton
The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php.
network
brafton CWE-79
4.3
4.3
2019-09-16 CVE-2019-15950 Cross-site Scripting vulnerability in Redmineup CRM
The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data.
network
redmineup CWE-79
4.3
4.3
2019-09-16 CVE-2019-16197 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.1
In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS.
network
low complexity
dolibarr CWE-79
6.1
6.1
2019-09-16 CVE-2016-10970 Cross-site Scripting vulnerability in Supportflow Project Supportflow
The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt. 		4.3
4.3
2019-09-16 CVE-2016-10969 Cross-site Scripting vulnerability in Supportflow Project Supportflow
The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title. 		4.3
4.3
2019-09-16 CVE-2016-10967 Cross-site Scripting vulnerability in Creativeinteractivemedia Real3D Flipbook 1.0
The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter. 		4.3
4.3
2019-09-16 CVE-2016-10964 Cross-site Scripting vulnerability in Findshorty Dwnldr
The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header.
network
findshorty CWE-79
4.3
4.3