Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-12-21 CVE-2018-20322 Cross-site Scripting vulnerability in Limesurvey
LimeSurvey version 3.15.5 contains a Cross-site scripting (XSS) vulnerability in Survey Resource zip upload, resulting in Javascript code execution against LimeSurvey administrators.
network
limesurvey CWE-79
4.3
4.3
2018-12-21 CVE-2018-16778 Cross-site Scripting vulnerability in Jenzabar 8.2.1/9.2.0
Cross-site scripting (XSS) vulnerability in Jenzabar v8.2.1 through 9.2.0 allows remote attackers to inject arbitrary web script or HTML via the query parameter (aka the Search Field).
network
jenzabar CWE-79
4.3
4.3
2018-12-21 CVE-2018-20339 Cross-site Scripting vulnerability in Zohocorp Manageengine Opmanager 12.3
Zoho ManageEngine OpManager 12.3 before build 123239 allows XSS in the Notes column of the Alarms section.
network
zohocorp CWE-79
4.3
4.3
2018-12-21 CVE-2018-20328 Cross-site Scripting vulnerability in Chamilo LMS 1.11.8
Chamilo LMS version 1.11.8 contains XSS in main/social/group_view.php in the social groups tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators.
network
chamilo CWE-79
3.5
3.5
2018-12-21 CVE-2018-20327 Cross-site Scripting vulnerability in Chamilo LMS 1.11.8
Chamilo LMS version 1.11.8 contains XSS in main/template/default/admin/gradebook_list.tpl in the gradebook dependencies tool, allowing authenticated users to affect other users, under specific conditions of permissions granted by administrators.
network
chamilo CWE-79
3.5
3.5
2018-12-20 CVE-2018-14846 Cross-site Scripting vulnerability in Mondula Multi Step Form
The Mondula Multi Step Form plugin before 1.2.8 for WordPress has multiple stored XSS via wp-admin/admin-ajax.php.
network
mondula CWE-79
3.5
3.5
2018-12-20 CVE-2018-12651 Cross-site Scripting vulnerability in Myadrenalin Human Resource Management Software 5.4.0
A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4 HRMS Software. 		4.3
4.3
2018-12-20 CVE-2018-8891 Cross-site Scripting vulnerability in Blackberry Unified Endpoint Manager
Multiple stored cross-site scripting (XSS) vulnerabilities in the Management Console of BlackBerry UEM versions earlier than 12.9.1 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
network
blackberry CWE-79
3.5
3.5
2018-12-20 CVE-2018-8888 Cross-site Scripting vulnerability in Blackberry Unified Endpoint Manager
A stored cross-site scripting (XSS) vulnerability in the Management Console of BlackBerry UEM versions earlier than 12.10.0 could allow an attacker to store script commands that could later be executed in the context of another Management Console administrator.
network
blackberry CWE-79
3.5
3.5
2018-12-20 CVE-2018-1000874 Cross-site Scripting vulnerability in Cebe Markdown
PHP cebe markdown parser version 1.2.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in all distributed parsers allowing a malicious crafted script to be executed that can result in the lose of user data and sensitive user information.
network
low complexity
cebe CWE-79
6.1
6.1