Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-06-21 CVE-2018-7681 Cross-site Scripting vulnerability in Microfocus Solutions Business Manager
Micro Focus Solutions Business Manager versions prior to 11.4 allow JavaScript to be embedded in URLs placed in the "Favorites" folder.
network
low complexity
microfocus CWE-79
4.8
2018-06-21 CVE-2018-7680 Cross-site Scripting vulnerability in Microfocus Solutions Business Manager
Micro Focus Solutions Business Manager versions prior to 11.4 can reflect back HTTP header values.
network
low complexity
microfocus CWE-79
6.1
2018-06-21 CVE-2018-1254 Cross-site Scripting vulnerability in EMC RSA Authentication Manager 8.0/8.3
RSA Authentication Manager Security Console, versions 8.3 P1 and earlier, contains a reflected cross-site scripting vulnerability.
network
low complexity
emc CWE-79
6.1
2018-06-21 CVE-2018-1253 Cross-site Scripting vulnerability in EMC RSA Authentication Manager
RSA Authentication Manager Operation Console, versions 8.3 P1 and earlier, contains a stored cross-site scripting vulnerability.
network
low complexity
emc CWE-79
6.1
2018-06-21 CVE-2017-13072 Cross-site Scripting vulnerability in Qnap QTS 4.2.6/4.3.3/4.3.4
Cross-site scripting (XSS) vulnerability in App Center in QNAP QTS 4.2.6 build 20171208, QTS 4.3.3 build 20171213, QTS 4.3.4 build 20171223, and their earlier versions could allow remote attackers to inject JavaScript code.
network
low complexity
qnap CWE-79
6.1
2018-06-20 CVE-2018-6212 Cross-site Scripting vulnerability in D-Link Dir-620 Firmware
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missing filtering of special characters in the "Search" field and incorrect processing of the XMLHttpRequest object.
network
low complexity
d-link CWE-79
6.1
2018-06-20 CVE-2018-9036 Cross-site Scripting vulnerability in Checksec Canopy 3.0.0/3.0.6
CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users.
network
low complexity
checksec CWE-79
4.8
2018-06-19 CVE-2018-12588 Cross-site Scripting vulnerability in Public Knowledge Project Open Monograph Press
Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-2 before 3.1.1-3 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the Search field).
network
low complexity
public-knowledge-project CWE-79
6.1
2018-06-19 CVE-2018-12580 Cross-site Scripting vulnerability in Dragonbyte-Tech Vbsecurity 3.3.0
library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature.
network
low complexity
dragonbyte-tech CWE-79
6.1
2018-06-18 CVE-2018-9027 Cross-site Scripting vulnerability in CA Privileged Access Manager 2.0
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.
network
low complexity
ca CWE-79
6.1