Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-07 | CVE-2018-9283 | Cross-site Scripting vulnerability in Cremecrm 1.6.12 An XSS issue was discovered in CremeCRM 1.6.12. | 5.4 |
| 2018-09-07 | CVE-2018-16363 | Cross-site Scripting vulnerability in Filemanagerpro File Manager 2.9 The mndpsingh287 File Manager plugin V2.9 for WordPress has XSS via the lang parameter in a wp-admin/admin.php?page=wp_file_manager request because set_transient is used in file_folder_manager.php and there is an echo of lang in lib\wpfilemanager.php. | 5.4 |
| 2018-09-07 | CVE-2018-14397 | Cross-site Scripting vulnerability in Cremecrm 1.6.12 An issue was discovered in Creme CRM 1.6.12. | 5.4 |
| 2018-09-07 | CVE-2018-14396 | Cross-site Scripting vulnerability in Cremecrm 1.6.12 An issue was discovered in Creme CRM 1.6.12. | 5.4 |
| 2018-09-07 | CVE-2017-1114 | Cross-site Scripting vulnerability in IBM Campaign 10.0/9.1/9.1.2 IBM Campaign 9.1, 9.1.2, and 10 is vulnerable to cross-site scripting. | 5.4 |
| 2018-09-07 | CVE-2018-0657 | Cross-site Scripting vulnerability in multiple products Cross-site scripting vulnerability in EC-CUBE Payment Module and GMO-PG Payment Module (PG Multi-Payment Service) for EC-CUBE (EC-CUBE Payment Module (2.12) version 3.5.23 and earlier, EC-CUBE Payment Module (2.11) version 2.3.17 and earlier, GMO-PG Payment Module (PG Multi-Payment Service) (2.12) version 3.5.23 and earlier, and GMO-PG Payment Module (PG Multi-Payment Service) (2.11) version 2.3.17 and earlier) allow an attacker with administrator rights to inject arbitrary web script or HTML via unspecified vectors. | 4.8 |
| 2018-09-07 | CVE-2018-0655 | Cross-site Scripting vulnerability in Weseek Growi Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the app settings section of admin page. | 4.8 |
| 2018-09-07 | CVE-2018-0654 | Cross-site Scripting vulnerability in Weseek Growi Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via the modal for creating Wiki page. | 6.1 |
| 2018-09-07 | CVE-2018-0653 | Cross-site Scripting vulnerability in Weseek Growi Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote attackers to inject arbitrary web script or HTML via Wiki page view. | 6.1 |
| 2018-09-07 | CVE-2018-0652 | Cross-site Scripting vulnerability in Weseek Growi Cross-site scripting vulnerability in GROWI v.3.1.11 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via the UserGroup Management section of admin page. | 4.8 |