Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-26 | CVE-2018-18668 | Cross-site Scripting vulnerability in SIR Gnuboard GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter. | 6.1 |
| 2019-08-26 | CVE-2019-15501 | Cross-site Scripting vulnerability in Lsoft Listserv Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter. | 4.3 |
| 2019-08-26 | CVE-2019-15479 | Cross-site Scripting vulnerability in Status Board Project Status Board 1.1.81 Status Board 1.1.81 has reflected XSS via dashboard.ts. | 4.3 |
| 2019-08-26 | CVE-2019-15532 | Cross-site Scripting vulnerability in Gchq Cyberchef CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs. | 4.3 |
| 2019-08-26 | CVE-2019-15489 | Cross-site Scripting vulnerability in Laracom 1.4.11 laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS. | 4.3 |
| 2019-08-26 | CVE-2019-15478 | Cross-site Scripting vulnerability in Status Board Project Status Board 1.1.81 Status Board 1.1.81 has reflected XSS via logic.ts. | 4.3 |
| 2019-08-23 | CVE-2016-6154 | Cross-site Scripting vulnerability in Watchguard Fireware The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | 5.8 |
| 2019-08-23 | CVE-2019-5594 | Cross-site Scripting vulnerability in Fortinet Fortinac 8.3.0/8.3.6/8.5.0 An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. | 4.3 |
| 2019-08-23 | CVE-2019-1583 | Cross-site Scripting vulnerability in Paloaltonetworks Twistlock 19.07.357 Escalation of privilege vulnerability in the Palo Alto Networks Twistlock console 19.07.358 and earlier allows a Twistlock user with Operator capabilities to escalate privileges to that of another user. | 6.0 |
| 2019-08-23 | CVE-2019-8444 | Cross-site Scripting vulnerability in Atlassian Jira Server The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification. | 3.5 |