Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-07-11 CVE-2018-10231 Cross-site Scripting vulnerability in Topdesk
Cross-site scripting (XSS) vulnerability in TOPdesk before 8.05.017 (June 2018 version) and before 5.7.SR9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
network
low complexity
topdesk CWE-79
6.1
6.1
2018-07-11 CVE-2017-16710 Cross-site Scripting vulnerability in Crestron Airmedia Am-100 Firmware and Airmedia Am-101 Firmware
Cross-site scripting (XSS) vulnerability in Crestron Airmedia AM-100 devices with firmware before 1.6.0 and AM-101 devices with firmware before 2.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
crestron CWE-79
4.8
4.8
2018-07-11 CVE-2013-0592 Cross-site Scripting vulnerability in IBM Inotes
Cross-site scripting (XSS) vulnerability in IBM iNotes before 8.5.3 Fix Pack 6 and 9.x before 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
5.4
2018-07-11 CVE-2018-13879 Cross-site Scripting vulnerability in Rocket.Chat
A reflected XSS issue was discovered in the registration form in Rocket.Chat before 0.66.
network
low complexity
rocket-chat CWE-79
5.4
5.4
2018-07-11 CVE-2018-13878 Cross-site Scripting vulnerability in Rocket.Chat
An XSS issue was discovered in packages/rocketchat-mentions/Mentions.js in Rocket.Chat before 0.65.
network
low complexity
rocket-chat CWE-79
6.1
6.1
2018-07-11 CVE-2018-8326 Cross-site Scripting vulnerability in Microsoft web Customizations
A cross-site-scripting (XSS) vulnerability exists when an open source customization for Microsoft Active Directory Federation Services (AD FS) does not properly sanitize a specially crafted web request to an affected AD FS server, aka "Open Source Customization for Active Directory Federation Services XSS Vulnerability." This affects Web Customizations.
network
low complexity
microsoft CWE-79
5.4
5.4
2018-07-11 CVE-2018-8323 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4
5.4
2018-07-11 CVE-2018-8299 Cross-site Scripting vulnerability in Microsoft products
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4
5.4
2018-07-10 CVE-2018-13865 Cross-site Scripting vulnerability in Idreamsoft Icms 7.0.9
An issue was discovered in idreamsoft iCMS 7.0.9.
network
low complexity
idreamsoft CWE-79
6.1
6.1
2018-07-10 CVE-2018-12462 Cross-site Scripting vulnerability in Netiq Imanager 3.1.1
NetIQ iManager 3.1.1 addresses potential XSS vulnerabilities.
network
low complexity
netiq CWE-79
6.1
6.1