Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-11 | CVE-2019-16217 | Cross-site Scripting vulnerability in multiple products WordPress before 5.2.3 allows XSS in media uploads because wp_ajax_upload_attachment is mishandled. | 6.1 |
| 2019-09-11 | CVE-2019-14996 | Cross-site Scripting vulnerability in Atlassian Jira Server The FilterPickerPopup.jspa resource in Jira before version 7.13.7, and from version 8.0.0 before version 8.3.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the searchOwnerUserName parameter. | 4.3 |
| 2019-09-11 | CVE-2019-16193 | Cross-site Scripting vulnerability in Esri Arcgis Enterprise 10.6.1 In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature. | 3.5 |
| 2019-09-10 | CVE-2019-11464 | Cross-site Scripting vulnerability in Couchbase Server 5.1.2/5.5.0 Some enterprises require that REST API endpoints include security-related headers in REST responses. | 4.3 |
| 2019-09-10 | CVE-2019-0361 | Cross-site Scripting vulnerability in SAP Supplier Relationship Management 3.73/7.31/7.32 SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 4.3 |
| 2019-09-10 | CVE-2017-18611 | Cross-site Scripting vulnerability in Magicfields Magic Fields The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-field-css parameter. | 4.3 |
| 2019-09-10 | CVE-2017-18610 | Cross-site Scripting vulnerability in Magicfields Magic Fields The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-group-id parameter. | 4.3 |
| 2019-09-10 | CVE-2017-18609 | Cross-site Scripting vulnerability in Magicfields Magic Fields The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter. | 4.3 |
| 2019-09-10 | CVE-2017-18608 | Cross-site Scripting vulnerability in Spot Spot.Im Comments The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS issues. | 4.3 |
| 2019-09-10 | CVE-2017-18606 | Cross-site Scripting vulnerability in Theme-Fusion Avada The avada theme before 5.1.5 for WordPress has stored XSS. | 4.3 |