Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-23 | CVE-2018-18437 | Cross-site Scripting vulnerability in Axiositalia Registro Elettronico 1.7.0 In AXIOS ITALIA Axioscloud Sissiweb Registro Elettronico 1.7.0, secret/relogoff.aspx has XSS via the Error_Desc parameter. | 6.1 |
| 2018-10-23 | CVE-2018-16235 | Cross-site Scripting vulnerability in Telligent Community Telligent Community 6.x, 7.x, 8.x, 9.x before 9.2.10.11796, 10.1.x before 10.1.10.11792, and 10.2.x before 10.2.3.4725 has XSS via the Feed RSS widget. | 6.1 |
| 2018-10-23 | CVE-2018-16226 | Cross-site Scripting vulnerability in Mitel Mivoice Office 400 R5.0 A vulnerability in the web admin component of Mitel MiVoice Office 400, versions R5.0 HF3 (v8839a1) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack, due to insufficient validation for the start.asp page. | 6.1 |
| 2018-10-23 | CVE-2018-12901 | Cross-site Scripting vulnerability in Mitel ST Firmware A vulnerability in the conferencing component of Mitel ST 14.2, versions GA29 (19.49.9400.0) and earlier, could allow an unauthenticated attacker to conduct a reflected cross-site scripting (XSS) attack due to insufficient validation for the signin.php page. | 6.1 |
| 2018-10-23 | CVE-2018-18622 | Cross-site Scripting vulnerability in Bijiadao Waimai Super CMS 20150505 An issue was discovered in Waimai Super Cms 20150505. | 6.1 |
| 2018-10-23 | CVE-2018-18608 | Cross-site Scripting vulnerability in Dedecms 5.7 DedeCMS 5.7 SP2 allows XSS via the function named GetPageList defined in the include/datalistcp.class.php file that is used to display the page numbers list at the bottom of some templates, as demonstrated by the PATH_INFO to /member/index.php, /member/pm.php, /member/content_list.php, or /plus/feedback.php. | 6.1 |
| 2018-10-22 | CVE-2018-18579 | Cross-site Scripting vulnerability in Dedecms 5.7 Reflected XSS exists in DedeCMS 5.7 SP2 via the /member/pm.php folder parameter. | 6.1 |
| 2018-10-22 | CVE-2018-18578 | Cross-site Scripting vulnerability in Dedecms 5.7 DedeCMS 5.7 SP2 allows XSS via the plus/qrcode.php type parameter. | 6.1 |
| 2018-10-22 | CVE-2018-15703 | Cross-site Scripting vulnerability in Advantech Webaccess Advantech WebAccess 8.3.2 and below is vulnerable to multiple reflected cross site scripting vulnerabilities. | 6.1 |
| 2018-10-22 | CVE-2018-12246 | Cross-site Scripting vulnerability in Symantec web Isolation 1.11 Symantec Web Isolation (WI) 1.11 prior to 1.11.21 is susceptible to a reflected cross-site scripting (XSS) vulnerability. | 6.1 |