Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-13 | CVE-2018-12040 | Cross-site Scripting vulnerability in Sensiolabs Symfony 3.3.6 Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. | 6.1 |
| 2018-06-13 | CVE-2018-12339 | Cross-site Scripting vulnerability in Articlecms Project Articlecms 1.0/20170219 ArticleCMS through 2017-02-19 has XSS via an "add an article" action. | 5.4 |
| 2018-06-13 | CVE-2018-11688 | Cross-site Scripting vulnerability in Igniterealtime Openfire 3.7.1 Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. | 6.1 |
| 2018-06-13 | CVE-2018-12290 | Cross-site Scripting vulnerability in Yii2-Statemachine 2.X.X The Yii2-StateMachine extension v2.x.x for Yii2 has XSS. | 6.1 |
| 2018-06-13 | CVE-2018-5432 | Cross-site Scripting vulnerability in Tibco Administrator The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. | 5.4 |
| 2018-06-13 | CVE-2018-12273 | Cross-site Scripting vulnerability in Ximdex 4.0 The /edit URI in the DMS component in Ximdex 4.0 has XSS via the Ciudad or Nombre parameter. | 6.1 |
| 2018-06-13 | CVE-2018-12272 | Cross-site Scripting vulnerability in Ximdex 4.0 xowl/request.php in Ximdex 4.0 has XSS via the content parameter. | 6.1 |
| 2018-06-13 | CVE-2018-12266 | Cross-site Scripting vulnerability in Hongcms Project Hongcms 3.0.0 system\errors\404.php in HongCMS 3.0.0 has XSS via crafted input that triggers a 404 HTTP status code. | 6.1 |
| 2018-06-12 | CVE-2018-12229 | Cross-site Scripting vulnerability in SFU Open Journal System Cross-site scripting (XSS) vulnerability in Public Knowledge Project (PKP) Open Journal System (OJS) 3.0.0 to 3.1.1-1 allows remote attackers to inject arbitrary web script or HTML via the templates/frontend/pages/search.tpl parameter (aka the By Author field). | 6.1 |
| 2018-06-11 | CVE-2018-5175 | Cross-site Scripting vulnerability in multiple products A mechanism to bypass Content Security Policy (CSP) protections on sites that have a "script-src" policy of "'strict-dynamic'". | 6.1 |