Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-19 | CVE-2018-19597 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.8 CMS Made Simple 2.2.8 allows XSS via an uploaded SVG document, a related issue to CVE-2017-16798. | 3.5 |
| 2018-12-19 | CVE-2018-19596 | Cross-site Scripting vulnerability in Zurmo 3.2.4 Zurmo 3.2.4 allows HTML Injection via an admin's use of HTML in the report section, a related issue to CVE-2018-19506. | 4.8 |
| 2018-12-19 | CVE-2018-19508 | Cross-site Scripting vulnerability in Cmsimple 4.7.5 CMSimple 4.7.5 has XSS via an admin's upload of an SVG file at a ?userfiles&subdir=userfiles/images/flags/ URI. | 3.5 |
| 2018-12-19 | CVE-2018-19507 | Cross-site Scripting vulnerability in Cmsimple 4.7.5 CMSimple 4.7.5 has XSS via an admin's use of a ?file=config&action=array URI. | 3.5 |
| 2018-12-19 | CVE-2018-19506 | Cross-site Scripting vulnerability in Zurmo 3.2.4 Zurmo 3.2.4 has XSS via an admin's use of the name parameter in the reports section, aka the app/index.php/reports/default/details?id=1 URI. | 3.5 |
| 2018-12-19 | CVE-2018-17193 | Cross-site Scripting vulnerability in Apache Nifi The message-page.jsp error page used the value of the HTTP request header X-ProxyContextPath without sanitization, resulting in a reflected XSS attack. | 4.3 |
| 2018-12-17 | CVE-2018-19933 | Cross-site Scripting vulnerability in Bolt CMS Bolt CMS <3.6.2 allows XSS via text input click preview button as demonstrated by the Title field of a Configured and New Entry. | 4.3 |
| 2018-12-17 | CVE-2018-19828 | Cross-site Scripting vulnerability in Artica Integria IMS 5.0.83 Artica Integria IMS 5.0.83 has XSS via the search_string parameter. | 4.3 |
| 2018-12-17 | CVE-2018-1891 | Cross-site Scripting vulnerability in IBM Security Guardium IBM Security Guardium 10 and 10.5 is vulnerable to cross-site scripting. | 3.5 |
| 2018-12-17 | CVE-2018-1889 | Cross-site Scripting vulnerability in IBM Security Guardium IBM Security Guardium 10.0 and 10.5 is vulnerable to cross-site scripting. | 3.5 |