Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-09-07 | CVE-2018-0642 | Cross-site Scripting vulnerability in Foliovision FV Flowplayer Video Player Cross-site scripting vulnerability in FV Flowplayer Video Player 6.1.2 to 6.6.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2018-09-07 | CVE-2018-16655 | Cross-site Scripting vulnerability in Gxlcms 1.0 Gxlcms 1.0 has XSS via the PATH_INFO to gx/lib/ThinkPHP/Tpl/ThinkException.tpl.php. | 6.1 |
| 2018-09-07 | CVE-2018-16654 | Cross-site Scripting vulnerability in Zurmo CRM 3.2.4 Zurmo 3.2.4 Stable allows XSS via app/index.php/accounts/default/details?id=2&kanbanBoard=1&openToTaskId=1. | 6.1 |
| 2018-09-07 | CVE-2018-16653 | Cross-site Scripting vulnerability in Rejucms Project Rejucms 2.1 rejucms 2.1 has XSS via the ucenter/cms_user_add.php u_name parameter. | 6.1 |
| 2018-09-06 | CVE-2018-16285 | Cross-site Scripting vulnerability in Userproplugin Userpro The UserPro plugin through 4.9.23 for WordPress allows XSS via the shortcode parameter in a userpro_shortcode_template action to wp-admin/admin-ajax.php. | 6.1 |
| 2018-09-06 | CVE-2018-12234 | Cross-site Scripting vulnerability in Myadrenalin Adrenalin 5.4.0 A Reflected Cross Site Scripting (XSS) Vulnerability was discovered in Adrenalin 5.4.0 HRMS Software. | 6.1 |
| 2018-09-06 | CVE-2018-5005 | Cross-site Scripting vulnerability in Adobe Experience Manager Adobe Experience Manager versions 6.4, 6.3, 6.2, 6.1, and 6.0 have a Cross-site Scripting vulnerability. | 6.1 |
| 2018-09-06 | CVE-2018-16622 | Cross-site Scripting vulnerability in Html-Js Doracms 2.0.3 Multiple cross-site scripting (XSS) vulnerabilities in /api/content/addOne in DoraCMS v2.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) discription or (2) comments field, related to users/userAddContent. | 5.4 |
| 2018-09-06 | CVE-2018-1000670 | Cross-site Scripting vulnerability in Koha KOHA Library System version 16.11.x (up until 16.11.13) and 17.05.x (up until 17.05.05) contains a Cross Site Scripting (XSS) vulnerability in Multiple fields on multiple pages including /cgi-bin/koha/acqui/supplier.pl?op=enter , /cgi-bin/koha/circ/circulation.pl?borrowernumber=[number] , /cgi-bin/koha/serials/subscription-add.pl that can result in Privilege escalation by taking control of higher privileged users browser sessions. | 6.1 |
| 2018-09-06 | CVE-2018-1000665 | Cross-site Scripting vulnerability in Dojotoolkit Dojo Dojo Dojo Objective Harness (DOH) version prior to version 1.14 contains a Cross Site Scripting (XSS) vulnerability in unit.html and testsDOH/_base/loader/i18n-exhaustive/i18n-test/unit.html and testsDOH/_base/i18nExhaustive.js in the DOH that can result in Victim attacked through their browser - deliver malware, steal HTTP cookies, bypass CORS trust. | 6.1 |