Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-09-14 CVE-2018-17031 Cross-site Scripting vulnerability in Gogs 0.11.53
In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent.
network
low complexity
gogs CWE-79
6.1
6.1
2018-09-13 CVE-2018-17026 Cross-site Scripting vulnerability in Monstra 3.0.4
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page&name=error404 action, a different vulnerability than CVE-2018-10121.
network
low complexity
monstra CWE-79
4.8
4.8
2018-09-13 CVE-2018-17025 Cross-site Scripting vulnerability in Monstra 3.0.4
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an edit_page action for a page with no special role.
network
low complexity
monstra CWE-79
6.1
6.1
2018-09-13 CVE-2018-17024 Cross-site Scripting vulnerability in Monstra 3.0.4
admin/index.php in Monstra CMS 3.0.4 allows XSS via the page_meta_title parameter in an add_page action.
network
low complexity
monstra CWE-79
4.8
4.8
2018-09-13 CVE-2018-17021 Cross-site Scripting vulnerability in Asus Gt-Ac5300 Firmware
Cross-site scripting (XSS) vulnerability on ASUS GT-AC5300 devices with firmware through 3.0.0.4.384_32738 allows remote attackers to inject arbitrary web script or HTML via the appGet.cgi hook parameter.
network
low complexity
asus CWE-79
6.1
6.1
2018-09-13 CVE-2018-8470 Cross-site Scripting vulnerability in Microsoft Internet Explorer 11
A security feature bypass vulnerability exists in Internet Explorer due to how scripts are handled that allows a universal cross-site scripting (UXSS) condition, aka "Internet Explorer Security Feature Bypass Vulnerability." This affects Internet Explorer 11.
network
low complexity
microsoft CWE-79
6.1
6.1
2018-09-13 CVE-2018-8431 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server and Sharepoint Server
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4
5.4
2018-09-13 CVE-2018-8428 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4
5.4
2018-09-13 CVE-2018-8426 Cross-site Scripting vulnerability in Microsoft products
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft Office SharePoint XSS Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4
5.4
2018-09-12 CVE-2018-16980 Cross-site Scripting vulnerability in Dotcms 5.0.1
dotCMS V5.0.1 has XSS in the /html/portlet/ext/contentlet/image_tools/index.jsp fieldName and inode parameters.
network
low complexity
dotcms CWE-79
6.1
6.1