Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-10-24 CVE-2018-18551 Cross-site Scripting vulnerability in Serverscheck Monitoring Software
ServersCheck Monitoring Software through 14.3.3 has Persistent and Reflected XSS via the sensors.html status parameter, sensors.html type parameter, sensors.html device parameter, report.html location parameter, group_delete.html group parameter, report_save.html query parameter, sensors.html location parameter, or group_delete.html group parameter.
network
low complexity
serverscheck CWE-79
6.1
6.1
2018-10-24 CVE-2018-9281 Cross-site Scripting vulnerability in Eaton 9PX UPS Firmware
An issue was discovered on Eaton UPS 9PX 8000 SP devices.
network
low complexity
eaton CWE-79
8.8
8.8
2018-10-24 CVE-2018-18636 Cross-site Scripting vulnerability in D-Link Dsl-2640T Firmware
XSS exists in cgi-bin/webcm on D-link DSL-2640T routers via the var:RelaodHref or var:conid parameter.
network
low complexity
d-link CWE-79
6.1
6.1
2018-10-24 CVE-2018-18635 Cross-site Scripting vulnerability in Mailcleaner 2018.08/2018.09
www/guis/admin/application/controllers/UserController.php in the administration login interface in MailCleaner CE 2018.08 and 2018.09 allows XSS via the admin/login/user/message/ PATH_INFO.
network
low complexity
mailcleaner CWE-79
6.1
6.1
2018-10-24 CVE-2018-18548 Cross-site Scripting vulnerability in Ajenti Ajenticp
ajenticp (aka Ajenti Docker control panel) for Ajenti through v1.2.23.13 has XSS via a filename that is mishandled in File Manager.
network
low complexity
ajenti CWE-79
6.1
6.1
2018-10-24 CVE-2018-18547 Cross-site Scripting vulnerability in Vestacp Control Panel
Vesta Control Panel through 0.9.8-22 has XSS via the edit/web/ domain parameter, the list/backup/ backup parameter, the list/rrd/ period parameter, the list/directory/ dir_a parameter, or the filename to the list/directory/ URI.
network
low complexity
vestacp CWE-79
6.1
6.1
2018-10-24 CVE-2018-18517 Cross-site Scripting vulnerability in Citrix Netscaler Gateway Firmware
Citrix NetScaler Gateway 10.5.x before 10.5.69.003, 11.1.x before 11.1.59.004, 12.0.x before 12.0.58.7, and 12.1.x before 12.1.49.1 has XSS.
network
low complexity
citrix CWE-79
4.8
4.8
2018-10-24 CVE-2018-12650 Cross-site Scripting vulnerability in Myadrenalin Human Resource Management Software 5.4.0
Adrenalin HRMS version 5.4.0 contains a Reflected Cross Site Scripting (XSS) vulnerability in the ApplicationtEmployeeSearch page via 'prntDDLCntrlName' and 'prntFrmName'.
network
low complexity
myadrenalin CWE-79
6.1
6.1
2018-10-24 CVE-2018-1541 Cross-site Scripting vulnerability in IBM Websphere Commerce
IBM WebSphere Commerce Enterprise V7, V8, and V9 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
5.4
5.4
2018-10-23 CVE-2018-7427 Cross-site Scripting vulnerability in Splunk
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk Enterprise 6.0.x before 6.0.14, 6.1.x before 6.1.13, 6.2.x before 6.2.14, 6.3.x before 6.3.10, 6.4.x before 6.4.7, and 6.5.x before 6.5.3; and Splunk Light before 6.6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
splunk CWE-79
6.1
6.1