Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-06-26 CVE-2018-1000543 Cross-site Scripting vulnerability in Rockiger Akiee 0.0.3
Akiee version 0.0.3 contains a XSS leading to code execution due to the use of node integration vulnerability in "Details" of a task is not validated that can result in XSS leading to abritrary code execution.
network
low complexity
rockiger CWE-79
6.1
6.1
2018-06-26 CVE-2018-1000536 Cross-site Scripting vulnerability in Getmedis Medis
Medis version 0.6.1 and earlier contains a XSS vulnerability evolving into code execution due to enabled nodeIntegration for the renderer process vulnerability in Key name parameter on new key creation that can result in Unauthorized code execution in the victim's machine, within the rights of the running application.
network
low complexity
getmedis CWE-79
6.1
6.1
2018-06-26 CVE-2018-1000534 Cross-site Scripting vulnerability in Joplin Project Joplin
Joplin version prior to 1.0.90 contains a XSS evolving into code execution due to enabled nodeIntegration for that particular BrowserWindow instance where XSS was identified from vulnerability in Note content field - information on the fix can be found here https://github.com/laurent22/joplin/commit/494e235e18659574f836f84fcf9f4d4fcdcfcf89 that can result in executing unauthorized code within the rights in which the application is running.
network
low complexity
joplin-project CWE-79
6.1
6.1
2018-06-26 CVE-2018-1000529 Cross-site Scripting vulnerability in Grails Fields 2.2.7
Grails Fields plugin version 2.2.7 contains a Cross Site Scripting (XSS) vulnerability in Using the display tag that can result in XSS .
network
low complexity
grails CWE-79
6.1
6.1
2018-06-26 CVE-2018-1000528 Cross-site Scripting vulnerability in multiple products
GONICUS GOsa version before commit 56070d6289d47ba3f5918885954dcceb75606001 contains a Cross Site Scripting (XSS) vulnerability in change password form (html/password.php, #308) that can result in injection of arbitrary web script or HTML.
network
low complexity
debian gonicus CWE-79
6.1
6.1
2018-06-26 CVE-2018-1000521 Cross-site Scripting vulnerability in Bigtreecms Bigtree CMS 4.2.21
BigTree-CMS contains a Cross Site Scripting (XSS) vulnerability in /users/create that can result in The low-privileged users can use this vulnerability to attack high-privileged(Developer) users..
network
low complexity
bigtreecms CWE-79
6.1
6.1
2018-06-26 CVE-2018-1000516 Cross-site Scripting vulnerability in Galaxyproject Galaxy 14.10
The Galaxy Project Galaxy version v14.10 contains a CWE-79: Improper Neutralization of Input During Web Page Generation vulnerability in Many templates used in the Galaxy server did not properly sanitize user's input, which would allow for cross-site scripting (XSS) attacks.
network
low complexity
galaxyproject CWE-79
6.1
6.1
2018-06-26 CVE-2018-1000513 Cross-site Scripting vulnerability in Limesurvey 3.0.0
LimeSurvey version 3.0.0-beta.3+17110 contains a Cross Site Scripting (XSS) vulnerability in Boxes that can result in JS code execution against LimeSurvey admins.
network
low complexity
limesurvey CWE-79
4.8
4.8
2018-06-26 CVE-2018-1000512 Cross-site Scripting vulnerability in Tooltipy Project Tooltipy 5.0
Tooltipy Tooltipy (tooltips for WP) version 5 contains a Cross Site Scripting (XSS) vulnerability in Glossary shortcode that can result in could allow anybody to do almost anything an admin can.
network
low complexity
tooltipy-project CWE-79
6.1
6.1
2018-06-26 CVE-2018-1000508 Cross-site Scripting vulnerability in Wpulike Ulike 2.8.1/3.1
WP ULike version 2.8.1, 3.1 contains a Cross Site Scripting (XSS) vulnerability in Settings screen that can result in allows unauthorised users to do almost anything an admin can.
network
low complexity
wpulike CWE-79
4.8
4.8