Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-08 | CVE-2018-12047 | Cross-site Scripting vulnerability in Ximdex 4.0 xfind/search in Ximdex 4.0 has XSS via the filter[n][value] parameters for non-negative values of n, as demonstrated by n equal to 0 through 12. | 6.1 |
| 2018-06-07 | CVE-2018-0357 | Cross-site Scripting vulnerability in Cisco Webex Meetings 1.3.5 A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. | 6.1 |
| 2018-06-07 | CVE-2018-0356 | Cross-site Scripting vulnerability in Cisco Webex Meetings T32 A vulnerability in the web framework of Cisco WebEx could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. | 6.1 |
| 2018-06-07 | CVE-2018-0354 | Cross-site Scripting vulnerability in Cisco Unity Connection 12.5 A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of an affected system. | 6.1 |
| 2018-06-07 | CVE-2018-0340 | Cross-site Scripting vulnerability in Cisco Unified Communications Manager A vulnerability in the web framework of the Cisco Unified Communications Manager (Unified CM) software could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against the user of the web interface of the affected system. | 5.4 |
| 2018-06-07 | CVE-2018-0339 | Cross-site Scripting vulnerability in Cisco Identity Services Engine Software 2.3(0.298)/2.4(0.126) A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface. | 6.1 |
| 2018-06-07 | CVE-2018-0149 | Cross-site Scripting vulnerability in Cisco Integrated Management Controller Supervisor 2.1(0.2)/2.2(0.2) A vulnerability in the web-based management interface of Cisco Integrated Management Controller Supervisor Software and Cisco UCS Director Software could allow an authenticated, remote attacker to conduct a Document Object Model-based (DOM-based), stored cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. | 4.8 |
| 2018-06-07 | CVE-2018-12043 | Cross-site Scripting vulnerability in Getsymphony Symphony 2.7.6 content/content.blueprintspages.php in Symphony 2.7.6 has XSS via the pages content page. | 6.1 |
| 2018-06-07 | CVE-2018-3735 | Cross-site Scripting vulnerability in Bracket-Template Project Bracket-Template bracket-template suffers from reflected XSS possible when variable passed via GET parameter is used in template | 6.1 |
| 2018-06-07 | CVE-2018-3726 | Cross-site Scripting vulnerability in Crud-File-Server Project Crud-File-Server crud-file-server node module before 0.8.0 suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names. | 6.1 |