Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-12 | CVE-2018-16978 | Cross-site Scripting vulnerability in Monstra 3.0.4: Monstra CMS V3.0.4 has XSS when one tries to register an account with a crafted password parameter to users/registration, a different vulnerability than CVE-2018-11473. | 6.1 |
2018-09-12 | CVE-2018-16729 | Cross-site Scripting vulnerability in Pluck-Cms Pluck 4.7.7: Pluck 4.7.7 allows XSS via an SVG file that contains JavaScript in a SCRIPT element, and is uploaded via pages->manage under admin.php?action=files. | 5.4 |
2018-09-12 | CVE-2018-16728 | Cross-site Scripting vulnerability in Feindura 2.0.7: feindura 2.0.7 allows XSS via the tags field of a new page created at index.php?category=0&page=new. | 5.4 |
2018-09-12 | CVE-2018-16727 | Cross-site Scripting vulnerability in Razorcms 3.4.7: razorCMS 3.4.7 allows Stored XSS via the keywords of the homepage within the settings component. | 5.4 |
2018-09-12 | CVE-2018-16726 | Cross-site Scripting vulnerability in Razorcms 3.4.7: razorCMS 3.4.7 allows HTML injection via the description of the homepage within the settings component. | 5.4 |
2018-09-12 | CVE-2018-16605 | Cross-site Scripting vulnerability in Dlink Dir-600M Firmware: D-Link DIR-600M devices allow XSS via the Hostname and Username fields in the Dynamic DNS Configuration page. | 5.4 |
2018-09-11 | CVE-2018-10937 | Cross-site Scripting vulnerability in Redhat Openshift Container Platform 3.11: A cross-site scripting flaw exists in the tetonic-console component of Openshift Container Platform 3.11. | 5.4 |
2018-09-11 | CVE-2018-2464 | Cross-site Scripting vulnerability in SAP Netweaver: SAP WebDynpro Java, versions 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in a stored Cross-Site Scripting (XSS) vulnerability. | 6.1 |
2018-09-11 | CVE-2018-2452 | Cross-site Scripting vulnerability in SAP Netweaver Application Server Java: The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. | 6.1 |
2018-09-10 | CVE-2018-16805 | Cross-site Scripting vulnerability in B3Log Solo 2.9.3: In b3log Solo 2.9.3, XSS in the Input page under the Publish Articles menu, with an ID of linkAddress stored in the link JSON field, allows remote attackers to inject arbitrary Web scripts or HTML via a crafted site name provided by an administrator. | 4.8 |