Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-05 | CVE-2018-3764 | Cross-site Scripting vulnerability in Nextcloud Contacts In Nextcloud Contacts before 2.1.2, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. | 4.8 |
| 2018-07-05 | CVE-2018-3763 | Cross-site Scripting vulnerability in Nextcloud Calendar In Nextcloud Calendar before 1.5.8 and 1.6.1, a missing sanitization of search results for an autocomplete field could lead to a stored XSS requiring user-interaction. | 4.8 |
| 2018-07-05 | CVE-2018-8928 | Cross-site Scripting vulnerability in Synology Carddav Server Cross-site scripting (XSS) vulnerability in Address Book Editor in Synology CardDAV Server before 6.0.8-0086 allows remote authenticated users to inject arbitrary web script or HTML via the (1) family_name, (2) given_name, or (3) additional_name parameter. | 5.4 |
| 2018-07-05 | CVE-2015-9260 | Cross-site Scripting vulnerability in Bedita An issue was discovered in BEdita before 3.7.0. | 5.4 |
| 2018-07-04 | CVE-2018-13136 | Cross-site Scripting vulnerability in Ultimatemember Ultimate Member The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. | 6.1 |
| 2018-07-04 | CVE-2018-13134 | Cross-site Scripting vulnerability in Tp-Link Archer C1200 Firmware 1.13 TP-Link Archer C1200 1.13 Build 2018/01/24 rel.52299 EU devices have XSS via the PATH_INFO to the /webpages/data URI. | 6.1 |
| 2018-07-03 | CVE-2018-9337 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os The PAN-OS web interface administration page in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.17 and earlier, PAN-OS 8.0.10 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | 5.4 |
| 2018-07-03 | CVE-2018-9335 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os The PAN-OS session browser in PAN-OS 6.1.20 and earlier, PAN-OS 7.1.16 and earlier, PAN-OS 8.0.9 and earlier, and PAN-OS 8.1.1 and earlier may allow an attacker to inject arbitrary JavaScript or HTML. | 5.4 |
| 2018-07-03 | CVE-2018-7636 | Cross-site Scripting vulnerability in Paloaltonetworks Pan-Os 8.0.10 The URL filtering "continue page" hosted by PAN-OS 8.0.10 and earlier may allow an attacker to inject arbitrary JavaScript or HTML via specially crafted URLs. | 6.1 |
| 2018-07-03 | CVE-2018-3748 | Cross-site Scripting vulnerability in Glance Project Glance 3.0.5 There is a Stored XSS vulnerability in the glance node module versions <= 3.0.5. | 6.1 |