Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-10-01 | CVE-2018-17874 | Cross-site Scripting vulnerability in Expressionengine ExpressionEngine before 4.3.5 has reflected XSS. | 4.3 |
| 2018-10-01 | CVE-2018-17868 | Cross-site Scripting vulnerability in Dasan H660Gw Firmware DASAN H660GW devices have Stored XSS in the Port Forwarding functionality. | 3.5 |
| 2018-10-01 | CVE-2015-9270 | Cross-site Scripting vulnerability in Theholidaycalendar Holiday Calendar XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter. | 4.3 |
| 2018-10-01 | CVE-2018-17835 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.15 An issue was discovered in GetSimple CMS 3.3.15. | 3.5 |
| 2018-10-01 | CVE-2018-17832 | Cross-site Scripting vulnerability in Wuzhicms Wuzhi CMS 2.0 XSS exists in WUZHI CMS 2.0 via the index.php v or f parameter. | 4.3 |
| 2018-10-01 | CVE-2018-17830 | Cross-site Scripting vulnerability in Redaxo 5.6.2 The $args variable in addons/mediapool/pages/index.php in REDAXO 5.6.2 is not effectively filtered, because names are not restricted (only values are restricted). | 3.5 |
| 2018-10-01 | CVE-2018-17218 | Cross-site Scripting vulnerability in PTC Thingworx Platform An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. | 3.5 |
| 2018-09-28 | CVE-2018-9081 | Cross-site Scripting vulnerability in Lenovo products For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the file name used for assets accessible through the Content Viewer application are vulnerable to self cross-site scripting self-XSS. | 2.6 |
| 2018-09-28 | CVE-2018-9079 | Cross-site Scripting vulnerability in Lenovo products For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, adversaries can craft URLs to modify the Document Object Model (DOM) of the page. | 7.5 |
| 2018-09-28 | CVE-2018-9078 | Cross-site Scripting vulnerability in Lenovo products For some Iomega, Lenovo, LenovoEMC NAS devices versions 4.1.402.34662 and earlier, the Content Explorer application grants users the ability to upload files to shares and this image was rendered in the browser in the device's origin instead of prompting to download the asset. | 6.8 |