Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-11-26 | CVE-2018-13310 | Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8 Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's username. | 4.3 |
| 2018-11-26 | CVE-2018-13309 | Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8 Cross-site scripting in password.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript via the user's password. | 4.3 |
| 2018-11-26 | CVE-2018-13308 | Cross-site Scripting vulnerability in Totolink A3002Ru Firmware 1.0.8 Cross-site scripting in notice_gen.htm in TOTOLINK A3002RU version 1.0.8 allows attackers to execute arbitrary JavaScript by modifying the "User phrases button" field. | 4.3 |
| 2018-11-26 | CVE-2018-18807 | Cross-site Scripting vulnerability in Tibco Statistica Server 13.3.0/13.4.0 The web application of the TIBCO Statistica component of TIBCO Software Inc.'s TIBCO Statistica Server contains vulnerabilities which may allow an authenticated user to perform cross-site scripting (XSS) attacks. | 3.5 |
| 2018-11-26 | CVE-2018-19564 | Cross-site Scripting vulnerability in Goldplugins Easy Testimonials 3.2 Stored XSS was discovered in the Easy Testimonials plugin 3.2 for WordPress. | 4.3 |
| 2018-11-26 | CVE-2018-19554 | Cross-site Scripting vulnerability in Dotcms An issue was discovered in Dotcms through 5.0.3. | 5.4 |
| 2018-11-26 | CVE-2018-19547 | Cross-site Scripting vulnerability in Jtbc PHP 3.0.1.7 JTBC(PHP) 3.0.1.7 has XSS via the console/xml/manage.php?type=action&action=edit content parameter. | 4.3 |
| 2018-11-23 | CVE-2018-19469 | Cross-site Scripting vulnerability in Articlecms Project Articlecms 20170219 ArticleCMS through 2017-02-19 has XSS via the /update_personal_infomation realname or email parameter. | 4.3 |
| 2018-11-22 | CVE-2018-19464 | Cross-site Scripting vulnerability in Dismall Discuz! 3.4 Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code. | 3.5 |
| 2018-11-22 | CVE-2018-19433 | Cross-site Scripting vulnerability in Showdoc 2.4.1 ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value. | 4.3 |