Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-07 | CVE-2018-3717 | Cross-site Scripting vulnerability in Sencha Connect connect node module before 2.14.0 suffers from a Cross-Site Scripting (XSS) vulnerability due to a lack of validation of file in directory.js middleware. | 5.4 |
| 2018-06-07 | CVE-2018-3716 | Cross-site Scripting vulnerability in Simplehttpserver Project Simplehttpserver simplehttpserver node module suffers from a Cross-Site Scripting vulnerability to a lack of validation of file names. | 5.4 |
| 2018-06-06 | CVE-2018-11553 | Cross-site Scripting vulnerability in Sgin Xiangyun Platform 9.4.10 SGIN.CN xiangyun platform V9.4.10 has XSS via the login_url parameter to /login.php. | 6.1 |
| 2018-06-05 | CVE-2018-1000202 | Cross-site Scripting vulnerability in Jenkins Groovy Postbuild A persisted cross-site scripting vulnerability exists in Jenkins Groovy Postbuild Plugin 2.3.1 and older in various Jelly files that allows attackers able to control build badge content to define JavaScript that would be executed in another user's browser when that other user performs some UI actions. | 5.4 |
| 2018-06-05 | CVE-2017-7636 | Cross-site Scripting vulnerability in Qnap NAS Proxy Server Cross-site scripting (XSS) vulnerability in QNAP NAS application Proxy Server through version 1.2.0 allows remote attackers to inject arbitrary web script or HTML. | 6.1 |
| 2018-06-05 | CVE-2018-8924 | Cross-site Scripting vulnerability in Synology Office Cross-site scripting (XSS) vulnerability in Title Tootip in Synology Office before 3.0.3-2143 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. | 5.4 |
| 2018-06-05 | CVE-2018-8923 | Cross-site Scripting vulnerability in Synology File Station Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology File Station before 1.1.4-0122 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | 5.4 |
| 2018-06-05 | CVE-2016-9490 | Cross-site Scripting vulnerability in Manageengine Applications Manager 12.0/13.0 ManageEngine Applications Manager versions 12 and 13 before build 13200 suffer from a Reflected Cross-Site Scripting vulnerability. | 6.1 |
| 2018-06-05 | CVE-2018-11735 | Cross-site Scripting vulnerability in Ximdex 4.0 index.php?action=createaccount in Ximdex 4.0 has XSS via the sname or fname parameter. | 6.1 |
| 2018-06-05 | CVE-2017-18286 | Cross-site Scripting vulnerability in Nzedb 0.7.3.3 nZEDb v0.7.3.3 has XSS in the 404 error page. | 5.4 |