Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-16 | CVE-2018-13387 | Cross-site Scripting vulnerability in Atlassian Jira The IncomingMailServers resource in Atlassian JIRA Server before version 7.6.7, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3 and from version 7.10.0 before version 7.10.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the messagesThreshold parameter as the fix for CVE-2017-18039 was incomplete. | 6.1 |
| 2018-07-13 | CVE-2016-9500 | Cross-site Scripting vulnerability in Accellion FTP Server Accellion FTP server prior to version FTA_9_12_220 uses the Accusoft Prizm Content flash component, which contains multiple parameters (customTabCategoryName, customButton1Image) that are vulnerable to cross-site scripting. | 6.1 |
| 2018-07-13 | CVE-2016-9493 | Cross-site Scripting vulnerability in Jqueryform PHP Formmail Generator 20161206 The code generated by PHP FormMail Generator prior to 17 December 2016 is vulnerable to stored cross-site scripting. | 6.1 |
| 2018-07-13 | CVE-2018-1255 | Cross-site Scripting vulnerability in EMC RSA Identity Governance and Lifecycle 7.0.1/7.0.2/7.1.0 RSA Identity Lifecycle and Governance versions 7.0.1, 7.0.2 and 7.1.0 contains a reflected cross-site scripting vulnerability. | 6.1 |
| 2018-07-13 | CVE-2018-14042 | Cross-site Scripting vulnerability in Getbootstrap Bootstrap In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. | 6.1 |
| 2018-07-13 | CVE-2018-14041 | Cross-site Scripting vulnerability in Getbootstrap Bootstrap 4.0.0/4.1.0/4.1.1 In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. | 6.1 |
| 2018-07-13 | CVE-2018-14040 | Cross-site Scripting vulnerability in multiple products In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. | 6.1 |
| 2018-07-12 | CVE-2018-12981 | Cross-site Scripting vulnerability in Wago products An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. | 5.4 |
| 2018-07-12 | CVE-2018-13999 | Cross-site Scripting vulnerability in Catfish-Cms Catfish CMS 4.7.9 Catfish CMS v4.7.9 allows XSS via the admin/Index/write.html editorValue parameter (aka an article posted by an administrator). | 4.8 |
| 2018-07-12 | CVE-2018-13998 | Cross-site Scripting vulnerability in Clippercms 1.3.3 ClipperCMS 1.3.3 has stored XSS via the Full Name field of (1) Security -> Manager Users or (2) Security -> Web Users. | 4.8 |