Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-09-01 CVE-2018-16327 Cross-site Scripting vulnerability in Intelliants Subrion 4.2.1
There is Stored XSS in Subrion 4.2.1 via the admin panel URL configuration.
network
low complexity
intelliants CWE-79
4.8
2018-09-01 CVE-2018-16325 Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.4.0.9
There is XSS in GetSimple CMS 3.4.0.9 via the admin/edit.php title field.
network
low complexity
get-simple CWE-79
6.1
2018-09-01 CVE-2018-16324 Cross-site Scripting vulnerability in Icewarp Mail Server
In IceWarp Server 12.0.3.1 and before, there is XSS in the /webmail/ username field.
network
low complexity
icewarp CWE-79
6.1
2018-09-01 CVE-2018-16316 Cross-site Scripting vulnerability in Portainer
A stored Cross-site scripting (XSS) vulnerability in Portainer through 1.19.1 allows remote authenticated users to inject arbitrary JavaScript and/or HTML via the Team Name field.
network
low complexity
portainer CWE-79
5.4
2018-09-01 CVE-2018-16313 Cross-site Scripting vulnerability in Bludit 2.3.4
Bludit 2.3.4 allows XSS via a user name.
network
low complexity
bludit CWE-79
6.1
2018-08-31 CVE-2018-16298 Cross-site Scripting vulnerability in 1234N Minicms 1.10
An issue was discovered in MiniCMS 1.10.
network
low complexity
1234n CWE-79
6.1
2018-08-30 CVE-2018-16236 Cross-site Scripting vulnerability in Cpanel
cPanel through 74 allows XSS via a crafted filename in the logs subdirectory of a user account, because the filename is mishandled during frontend/THEME/raw/index.html rendering.
network
low complexity
cpanel CWE-79
6.1
2018-08-30 CVE-2018-16234 Cross-site Scripting vulnerability in Morningstarsecurity Whatweb 0.4.9
MorningStar WhatWeb 0.4.9 has XSS via JSON report files.
network
low complexity
morningstarsecurity CWE-79
6.1
2018-08-30 CVE-2018-16233 Cross-site Scripting vulnerability in 1234N Minicms 1.10
MiniCMS V1.10 has XSS via the mc-admin/post-edit.php tags parameter.
network
low complexity
1234n CWE-79
6.1
2018-08-30 CVE-2018-14899 Cross-site Scripting vulnerability in Epson Wf-2750 Firmware Jp02L2
On the EPSON WF-2750 printer with firmware JP02I2, the Web interface AirPrint Setup page is vulnerable to HTML Injection that can redirect users to malicious sites.
network
low complexity
epson CWE-79
6.1