Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-06-01 | CVE-2018-8921 | Cross-site Scripting vulnerability in Synology Drive Server 1.0.010240/1.0.110253 Cross-site scripting (XSS) vulnerability in File Sharing Notify Toast in Synology Drive before 1.0.2-10275 allows remote authenticated users to inject arbitrary web script or HTML via the malicious file name. | 5.4 |
| 2018-05-31 | CVE-2018-9186 | Cross-site Scripting vulnerability in Fortinet Fortiauthenticator A cross-site scripting (XSS) vulnerability in Fortinet FortiAuthenticator in versions 4.0.0 to before 5.3.0 "CSRF validation failure" page allows attacker to execute unauthorized script code via inject malicious scripts in HTTP referer header. | 6.1 |
| 2018-05-31 | CVE-2018-1496 | Cross-site Scripting vulnerability in IBM Content Navigator IBM Content Navigator 2.0.3, 3.0.0, 3.0.1, 3.0.2, and 3.0.3 is vulnerable to cross-site scripting. | 5.4 |
| 2018-05-31 | CVE-2018-10379 | Cross-site Scripting vulnerability in Gitlab An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 10.5.8, 10.6.x before 10.6.5, and 10.7.x before 10.7.2. | 6.1 |
| 2018-05-31 | CVE-2016-10549 | Cross-site Scripting vulnerability in Sailsjs Sails Sails is an MVC style framework for building realtime web applications. | 4.4 |
| 2018-05-31 | CVE-2016-10548 | Cross-site Scripting vulnerability in Reduce-Css-Calc Project Reduce-Css-Calc Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. | 6.1 |
| 2018-05-31 | CVE-2016-10547 | Cross-site Scripting vulnerability in Mozilla Nunjucks Nunjucks is a full featured templating engine for JavaScript. | 6.1 |
| 2018-05-31 | CVE-2016-10537 | Cross-site Scripting vulnerability in Backbone Project Backbone backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. | 5.4 |
| 2018-05-31 | CVE-2016-10531 | Cross-site Scripting vulnerability in Marked Project Marked marked is an application that is meant to parse and compile markdown. | 6.1 |
| 2018-05-31 | CVE-2014-10065 | Cross-site Scripting vulnerability in Remarkable Project Remarkable Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content. | 6.1 |