Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| Date | CVE | Vulnerability title | Description | Access | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|
| 2018-12-24 | CVE-2018-8918 | Cross-site Scripting vulnerability in Synology Router Manager | Cross-site scripting (XSS) vulnerability in info.cgi in Synology Router Manager (SRM) before 1.1.7-6941 allows remote attackers to inject arbitrary web script or HTML via the host parameter. | network | synology | CWE-79 | 3.5 |
| 2018-12-24 | CVE-2018-20418 | Cross-site Scripting vulnerability in Craftcms Craft CMS 3.0.25 | index.php?p=admin/actions/entries/save-entry in Craft CMS 3.0.25 allows XSS by saving a new title from the console tab. | network | craftcms | CWE-79 | 3.5 |
| 2018-12-23 | CVE-2018-20379 | Cross-site Scripting vulnerability in Technicolor Dpc3928Sl Firmware D3928Slpsip13A010C3420R55105160428A | Technicolor DPC3928SL D3928SL-PSIP-13-A010-c3420r55105-160428a devices allow XSS via a Cross Protocol Injection attack with setSSID of 1.3.6.1.4.1.4413.2.2.2.1.18.1.2.1.1.3.10001. | network, high complexity | technicolor | CWE-79 | 2.6 |
| 2018-12-23 | CVE-2018-20373 | Cross-site Scripting vulnerability in Tendacn Adsl Firmware 1.0.1 | Tenda ADSL modem routers 1.0.1 allow XSS via the hostname of a DHCP client. | network | tendacn | CWE-79 | 3.5 |
| 2018-12-23 | CVE-2018-20372 | Cross-site Scripting vulnerability in Tp-Link Td-W8961Nd Firmware 1.0.1 | TP-Link TD-W8961ND devices allow XSS via the hostname of a DHCP client. | network | tp-link | CWE-79 | 3.5 |
| 2018-12-23 | CVE-2018-20370 | Cross-site Scripting vulnerability in The-Sz Netchat 7.8 | SZ NetChat before 7.9 has XSS in the MyName input field of the Options module. | network | the-sz | CWE-79 | 3.5 |
| 2018-12-23 | CVE-2018-20369 | Cross-site Scripting vulnerability in Barracuda Message Archiver 2018 | Barracuda Message Archiver 2018 has XSS in the error_msg exception-handling value for the ldap_user parameter to the cgi-mod/ldap_load_entry.cgi module. | network | barracuda | CWE-79 | 4.3 |
| 2018-12-23 | CVE-2018-20368 | Cross-site Scripting vulnerability in Averta Master Slider 3.2.7/3.5.1 | The Master Slider plugin 3.2.7 and 3.5.1 for WordPress has XSS via the wp-admin/admin-ajax.php Name input field of the MSPanel.Settings value on Callback. | network | averta | CWE-79 | 3.5 |
| 2018-12-22 | CVE-2018-20367 | Cross-site Scripting vulnerability in Wstmart 2.0.8181212 | The "mall some commodity details: commodity consultation" component in WSTMart 2.0.8_181212 has stored XSS via the consultContent parameter, as demonstrated by the index.php/home/goodsconsult/add.html URI. | network | wstmart | CWE-79 | 4.3 |
| 2018-12-22 | CVE-2018-20351 | Cross-site Scripting vulnerability in Evernote | The Markdown component in Evernote (Chinese) before 8.3.2 on macOS allows stored XSS, aka MAC-832. | network | evernote | CWE-79 | 4.3 |