Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-06-14 CVE-2018-11690 Cross-site Scripting vulnerability in Balbooa Gridbox
The Balbooa Gridbox extension version 2.4.0 and previous versions for Joomla! is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
network
low complexity
balbooa CWE-79
6.1
6.1
2018-06-14 CVE-2018-11689 Cross-site Scripting vulnerability in multiple products
Web Viewer for Hanwha DVR 2.17 and Smart Viewer in Samsung Web Viewer for Samsung DVR are vulnerable to XSS via the /cgi-bin/webviewer_login_page data3 parameter.
network
low complexity
samsung hanwha-security CWE-79
6.1
6.1
2018-06-14 CVE-2018-4848 Cross-site Scripting vulnerability in Siemens products
A vulnerability has been identified in SCALANCE X-200 switch family (incl.
network
low complexity
siemens CWE-79
6.1
6.1
2018-06-14 CVE-2018-4842 Cross-site Scripting vulnerability in Siemens products
A vulnerability has been identified in SCALANCE X-200IRT switch family (incl.
network
low complexity
siemens CWE-79
4.8
4.8
2018-06-14 CVE-2018-10821 Cross-site Scripting vulnerability in Blackcat-Cms Blackcat CMS 1.3
Cross-site scripting (XSS) vulnerability in backend/pages/modify.php in BlackCatCMS 1.3 allows remote authenticated users with the Admin role to inject arbitrary web script or HTML via the search panel.
network
low complexity
blackcat-cms CWE-79
4.8
4.8
2018-06-14 CVE-2018-8254 Cross-site Scripting vulnerability in Microsoft products
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4
5.4
2018-06-14 CVE-2018-8252 Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint.
network
low complexity
microsoft CWE-79
5.4
5.4
2018-06-14 CVE-2018-8247 Cross-site Scripting vulnerability in Microsoft Office Online Server and Office web Apps
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server.
network
low complexity
microsoft CWE-79
5.4
5.4
2018-06-13 CVE-2018-12355 Cross-site Scripting vulnerability in ENG Knowage 6.1.1
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue.
network
low complexity
eng CWE-79
6.1
6.1
2018-06-13 CVE-2018-12353 Cross-site Scripting vulnerability in Knowage-Suite Knowage 6.1.1
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue.
network
low complexity
knowage-suite CWE-79
6.1
6.1