Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-13 | CVE-2016-10941 | Cross-site Scripting vulnerability in Podlove Podcast Publisher The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF. | 4.3 |
| 2019-09-12 | CVE-2019-6003 | Cross-site Scripting vulnerability in Ec-Cube Amazon PAY 2.12/2.13/2.4.2 Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2019-09-12 | CVE-2019-5985 | Cross-site Scripting vulnerability in multiple products Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. | 4.3 |
| 2019-09-12 | CVE-2019-5975 | Cross-site Scripting vulnerability in Cybozu Garoon DOM-based cross-site scripting vulnerability in Cybozu Garoon 4.6.0 to 4.10.2 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors. | 3.5 |
| 2019-09-12 | CVE-2019-3638 | Cross-site Scripting vulnerability in Mcafee web Gateway Reflected Cross Site Scripting vulnerability in Administrators web console in McAfee Web Gateway (MWG) 7.8.x prior to 7.8.2.13 allows remote attackers to collect sensitive information or execute commands with the MWG administrator's credentials via tricking the administrator to click on a carefully constructed malicious link. | 9.6 |
| 2019-09-12 | CVE-2019-16238 | Cross-site Scripting vulnerability in Afterlogic Aurora 8.3.9 Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login. | 4.3 |
| 2019-09-12 | CVE-2019-10396 | Cross-site Scripting vulnerability in Jenkins Dashboard View Jenkins Dashboard View Plugin 2.11 and earlier did not escape build descriptions, resulting in a cross-site scripting vulnerability exploitable by users able to change build descriptions. | 5.4 |
| 2019-09-12 | CVE-2019-10395 | Cross-site Scripting vulnerability in Jenkins Build Environment Jenkins Build Environment Plugin 1.6 and earlier did not escape variables shown on its views, resulting in a cross-site scripting vulnerability in Jenkins 2.145, 2.138.1, or older, exploitable by users able to change various job/build properties. | 5.4 |
| 2019-09-11 | CVE-2019-1305 | Cross-site Scripting vulnerability in Microsoft Azure Devops Server and Team Foundation Server A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | 3.5 |
| 2019-09-11 | CVE-2019-1273 | Cross-site Scripting vulnerability in Microsoft products A cross-site-scripting (XSS) vulnerability exists when Active Directory Federation Services (ADFS) does not properly sanitize certain error messages, aka 'Active Directory Federation Services XSS Vulnerability'. | 3.5 |