Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-19 | CVE-2018-3830 | Cross-site Scripting vulnerability in multiple products Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2018-09-19 | CVE-2018-3824 | Cross-site Scripting vulnerability in Elastic Elasticsearch X-Pack and Kibana X-Pack X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. | 6.1 |
| 2018-09-19 | CVE-2018-3823 | Cross-site Scripting vulnerability in Elastic Elasticsearch X-Pack and Kibana X-Pack X-Pack Machine Learning versions before 6.2.4 and 5.6.9 had a cross-site scripting (XSS) vulnerability. | 5.4 |
| 2018-09-19 | CVE-2018-16607 | Cross-site Scripting vulnerability in Opmantek Open-Audit 2.2.7 Cross-site scripting (XSS) vulnerability in the Orgs Page in Open-AudIT Professional edition in 2.2.7 allows remote attackers to inject arbitrary web script via the Orgs name field. | 5.4 |
| 2018-09-18 | CVE-2018-15546 | Cross-site Scripting vulnerability in Accusoft Prizmdoc Accusoft PrizmDoc version 13.3 and earlier contains a Stored Cross-Site Scripting issue through a crafted PDF file. | 6.1 |
| 2018-09-18 | CVE-2017-6913 | Cross-site Scripting vulnerability in Open-Xchange Appsuite Cross-site scripting (XSS) vulnerability in the Open-Xchange webmail before 7.6.3-rev28 allows remote attackers to inject arbitrary web script or HTML via the event attribute in a time tag. | 6.1 |
| 2018-09-18 | CVE-2018-16955 | Cross-site Scripting vulnerability in Oracle Webcenter Interaction 10.3.3 The login function of Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). | 6.1 |
| 2018-09-18 | CVE-2018-16953 | Cross-site Scripting vulnerability in Oracle Webcenter Interaction 10.3.3 The AjaxView::DisplayResponse() function of the portalpages.dll assembly in Oracle WebCenter Interaction Portal 10.3.3 is vulnerable to reflected cross-site scripting (XSS). | 6.1 |
| 2018-09-17 | CVE-2018-14631 | Cross-site Scripting vulnerability in Moodle moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. | 6.1 |
| 2018-09-17 | CVE-2018-17140 | Cross-site Scripting vulnerability in Vms-Studio Quizlord 1.0.1/2.0 The Quizlord plugin through 2.0 for WordPress is prone to Stored XSS via the title parameter in a ql_insert action to wp-admin/admin.php. | 5.4 |