Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-08-01 | CVE-2018-0411 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web-based management interface of Cisco Unified Communications Manager could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-08-01 | CVE-2018-0408 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 5.4 |
| 2018-08-01 | CVE-2018-0407 | Cross-site Scripting vulnerability in Cisco products A vulnerability in the web-based management interface of Cisco Small Business 300 Series (Sx300) Managed Switches could allow an authenticated, remote attacker to conduct a persistent cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 5.4 |
| 2018-08-01 | CVE-2018-0406 | Cross-site Scripting vulnerability in Cisco web Security Appliance 10.1.2003/10.5.1269/11.5.0Fcs581 A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected or Document Object Model based (DOM-based) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-08-01 | CVE-2018-14777 | Cross-site Scripting vulnerability in Dleviet Datalife Engine 13.0/9.7 An issue was discovered in DataLife Engine (DLE) through 13.0. | 5.4 |
| 2018-08-01 | CVE-2018-1999029 | Cross-site Scripting vulnerability in Jenkins Shelve Project A cross-site scripting vulnerability exists in Jenkins Shelve Project Plugin 1.5 and earlier in ShelveProjectAction/index.jelly, ShelvedProjectsAction/index.jelly that allows attackers with Job/Configure permission to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | 5.4 |
| 2018-08-01 | CVE-2016-8639 | Cross-site Scripting vulnerability in multiple products It was found that foreman before 1.13.0 is vulnerable to a stored XSS via an organization or location name. | 5.4 |
| 2018-08-01 | CVE-2018-14776 | Cross-site Scripting vulnerability in Clickstudios Passwordstate 8.3 Click Studios Passwordstate before 8.3 Build 8397 allows XSS by authenticated users via an uploaded HTML document. | 5.4 |
| 2018-07-31 | CVE-2018-10609 | Cross-site Scripting vulnerability in Martem Telem-Gw6 Firmware and Telem-Gwm Firmware Martem TELEM GW6 and GWM devices with firmware 2018.04.18-linux_4-01-601cb47 and prior allow improper sanitization of data over a Websocket which may allow cross-site scripting and client-side code execution with target user privileges. | 6.1 |
| 2018-07-31 | CVE-2018-12944 | Cross-site Scripting vulnerability in Seeddms Persistent Cross-Site Scripting (XSS) vulnerability in the "Categories" feature in SeedDMS (formerly LetoDMS and MyDMS) before 5.1.8 allows remote attackers to inject arbitrary web script or HTML via the name field. | 6.1 |