Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-10-09 CVE-2018-17866 Cross-site Scripting vulnerability in Ultimatemember Ultimate Member
Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field.
network
low complexity
ultimatemember CWE-79
6.1
2018-10-09 CVE-2018-18087 Cross-site Scripting vulnerability in Bixie Portfolio 1.2.0
The Bixie Portfolio plugin 1.2.0 for Pagekit has XSS: a logged-in user who has the "Manage portfolio" privilege can inject arbitrary web script or HTML via the Image URL field in the portfolio editor.
network
low complexity
bixie CWE-79
5.4
2018-10-09 CVE-2018-18082 Cross-site Scripting vulnerability in Bijiadao Waimai Super CMS 20150505
XSS exists in Waimai Super Cms 20150505 via the fname parameter to the admin.php?m=Food&a=addsave or admin.php?m=Food&a=editsave URI.
network
low complexity
bijiadao CWE-79
6.1
2018-10-09 CVE-2018-18029 Cross-site Scripting vulnerability in Naviwebs Navigate CMS
Navigate CMS has Stored XSS via the navigate.php Title field in an edit action.
network
low complexity
naviwebs CWE-79
5.4
2018-10-09 CVE-2018-2472 Cross-site Scripting vulnerability in SAP Businessobjects BI Platform 4.1/4.2
SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 (Web Intelligence DHTML client) does not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-10-09 CVE-2018-2470 Cross-site Scripting vulnerability in SAP Netweaver
In SAP NetWeaver Application Server for ABAP, from 7.0 to 7.02, 7.30, 7.31, 7.40 and from 7.50 to 7.53, applications do not sufficiently encode user-controlled inputs, resulting in a Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2018-10-09 CVE-2018-2466 Cross-site Scripting vulnerability in SAP Data Services 4.2
In Impact and Lineage Analysis in SAP Data Services, version 4.2, the management console does not sufficiently validate user-controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
5.4
2018-10-08 CVE-2018-18069 Cross-site Scripting vulnerability in Wpml
process_forms in the WPML (aka sitepress-multilingual-cms) plugin through 3.6.3 for WordPress has XSS via any locale_file_name_ parameter (such as locale_file_name_en) in an authenticated theme-localization.php request to wp-admin/admin.php.
network
low complexity
wpml CWE-79
6.1
2018-10-08 CVE-2018-15903 Cross-site Scripting vulnerability in Claromentis 8.2.2
The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to stored Cross Site Scripting (XSS).
network
low complexity
claromentis CWE-79
5.4
2018-10-08 CVE-2018-17443 Cross-site Scripting vulnerability in Dlink Central Wifimanager
An issue was discovered on D-Link Central WiFi Manager before v 1.03r0100-Beta1.
network
low complexity
dlink CWE-79
6.1