Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-18 | CVE-2018-14082 | Cross-site Scripting vulnerability in Freelancewebdesignerchennai JOB Portal 3.0.1 PHP Scripts Mall JOB SITE (aka Job Portal) 3.0.1 has Cross-site Scripting (XSS) via the search bar. | 5.4 |
| 2018-07-18 | CVE-2018-12429 | Cross-site Scripting vulnerability in Jeesns 1.2.1 JEESNS through 1.2.1 allows XSS attacks by ordinary users who publish articles containing a crafted payload in order to capture an administrator cookie. | 5.4 |
| 2018-07-18 | CVE-2018-14382 | Cross-site Scripting vulnerability in Instantcms 2.10.1 InstantCMS 2.10.1 has /redirect?url= XSS. | 6.1 |
| 2018-07-18 | CVE-2018-14380 | Cross-site Scripting vulnerability in Graylog In Graylog before 2.4.6, XSS was possible in typeahead components, related to components/common/TypeAheadInput.jsx and components/search/QueryInput.ts. | 6.1 |
| 2018-07-18 | CVE-2018-5232 | Cross-site Scripting vulnerability in Atlassian Jira The EditIssue.jspa resource in Atlassian Jira before version 7.6.7 and from version 7.7.0 before version 7.10.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the issuetype parameter. | 6.1 |
| 2018-07-17 | CVE-2018-6681 | Cross-site Scripting vulnerability in Mcafee Network Security Manager Abuse of Functionality vulnerability in the web interface in McAfee Network Security Management (NSM) 9.1.7.11 and earlier allows authenticated users to allow arbitrary HTML code to be reflected in the response web page via appliance web interface. | 5.4 |
| 2018-07-16 | CVE-2018-13832 | Cross-site Scripting vulnerability in Techotronic ALL in ONE Favicon Multiple Persistent cross-site scripting (XSS) issues in the Techotronic all-in-one-favicon (aka All In One Favicon) plugin 4.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via Apple-Text, GIF-Text, ICO-Text, PNG-Text, or JPG-Text. | 4.8 |
| 2018-07-16 | CVE-2017-17541 | Cross-site Scripting vulnerability in Fortinet Fortianalyzer Firmware and Fortimanager Firmware A Cross-site Scripting (XSS) vulnerability in Fortinet FortiManager 6.0.0, 5.6.4 and below versions, FortiAnalyzer 6.0.0, 5.6.4 and below versions allows inject Javascript code and HTML tags through the CN value of CA and CRL certificates via the import CA and CRL certificates feature. | 6.1 |
| 2018-07-16 | CVE-2018-0366 | Cross-site Scripting vulnerability in Cisco web Security Appliance 10.1.2003/10.5.1276 A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 6.1 |
| 2018-07-16 | CVE-2018-5229 | Cross-site Scripting vulnerability in Atlassian Universal Plugin Manager The NotificationRepresentationFactoryImpl class in Atlassian Universal Plugin Manager before version 2.22.9 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of user submitted add-on names. | 5.4 |