Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-04 | CVE-2018-11715 | Cross-site Scripting vulnerability in Recent Threads Project Recent Threads The Recent Threads plugin before 1.1 for MyBB allows XSS via a thread subject. | 5.4 |
| 2018-06-04 | CVE-2018-11709 | Cross-site Scripting vulnerability in Gvectors Wpforo Forum wpforo_get_request_uri in wpf-includes/functions.php in the wpForo Forum plugin before 1.4.12 for WordPress allows Unauthenticated Reflected Cross-Site Scripting (XSS) via the URI. | 6.1 |
| 2018-06-02 | CVE-2018-11564 | Cross-site Scripting vulnerability in Pagekit Stored XSS in YOOtheme Pagekit 1.0.13 and earlier allows a user to upload malicious code via the picture upload feature. | 4.8 |
| 2018-06-02 | CVE-2018-11522 | Cross-site Scripting vulnerability in Yosoro Project Yosoro 1.0.4 Yosoro 1.0.4 has stored XSS. | 6.1 |
| 2018-06-01 | CVE-2018-3755 | Cross-site Scripting vulnerability in Sexstatic Project Sexstatic 0.6.0/0.6.2 XSS in sexstatic <=0.6.2 causes HTML injection in directory name(s) leads to Stored XSS when malicious file is embed with <iframe> element used in directory name. | 6.1 |
| 2018-06-01 | CVE-2018-11581 | Cross-site Scripting vulnerability in Brother Hl-L2340D Firmware and Hl-L2380Dw Firmware Cross-site scripting (XSS) vulnerability on Brother HL series printers allows remote attackers to inject arbitrary web script or HTML via the url parameter to etc/loginerror.html. | 4.8 |
| 2018-06-01 | CVE-2018-11552 | Cross-site Scripting vulnerability in NCH Axon PBX 2.02 There is a reflected XSS vulnerability in AXON PBX 2.02 via the "AXON->Auto-Dialer->Agents->Name" field. | 6.1 |
| 2018-06-01 | CVE-2018-10382 | Cross-site Scripting vulnerability in Modx Revolution 2.6.3 MODX Revolution 2.6.3 has XSS. | 5.4 |
| 2018-06-01 | CVE-2018-11628 | Cross-site Scripting vulnerability in Emssoftware EMS Master Calendar Data input into EMS Master Calendar before 8.0.0.201805210 via URL parameters is not properly sanitized, allowing malicious attackers to send a crafted URL for XSS. | 6.1 |
| 2018-06-01 | CVE-2018-11486 | Cross-site Scripting vulnerability in Multidots Advance Search for Woocommerce An issue was discovered in the MULTIDOTS Advance Search for WooCommerce plugin 1.0.9 and earlier for WordPress. | 6.1 |