Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-12-04 | CVE-2018-12319 | Cross-site Scripting vulnerability in Asustor Data Master 3.1.1 Denial-of-service in the login page of ASUSTOR ADM 3.1.1 allows attackers to prevent users from signing in by placing malformed text in the title. | 5.0 |
| 2018-12-04 | CVE-2018-12311 | Cross-site Scripting vulnerability in Asustor Data Master 3.1.1 Cross-site scripting vulnerability in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute arbitrary JavaScript when a file is moved via a malicious filename. | 3.5 |
| 2018-12-04 | CVE-2018-12310 | Cross-site Scripting vulnerability in Asustor Data Master 3.1.1 Cross-site scripting in the Login page in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript via the System Announcement feature. | 3.5 |
| 2018-12-04 | CVE-2018-12305 | Cross-site Scripting vulnerability in Asustor Data Master 3.1.1 Cross-site scripting in File Explorer in ASUSTOR ADM version 3.1.1 allows attackers to execute JavaScript by uploading SVG images with embedded JavaScript. | 4.3 |
| 2018-12-04 | CVE-2018-11348 | Cross-site Scripting vulnerability in Yunohost Two XSS vulnerabilities are located in the profile edition page of the user panel of the YunoHost 2.7.2 through 2.7.14 web application. | 3.5 |
| 2018-12-04 | CVE-2018-16633 | Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.7 Pluck v4.7.7 allows XSS via the admin.php?action=editpage&page= page title. | 3.5 |
| 2018-12-04 | CVE-2018-16631 | Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1 Subrion CMS v4.2.1 allows XSS via the panel/configuration/general/ SITE TITLE parameter. | 3.5 |
| 2018-12-04 | CVE-2018-16629 | Cross-site Scripting vulnerability in Intelliants Subrion CMS 4.2.1 panel/uploads/#elf_l1_XA in Subrion CMS v4.2.1 allows XSS via an SVG file with JavaScript in a SCRIPT element. | 3.5 |
| 2018-12-04 | CVE-2018-16628 | Cross-site Scripting vulnerability in Getkirby Kirby 2.5.12 panel/login in Kirby v2.5.12 allows XSS via a blog name. | 3.5 |
| 2018-12-04 | CVE-2018-19849 | Cross-site Scripting vulnerability in Yzmcms 5.2 An issue was discovered in YzmCMS 5.2. | 3.5 |