Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK | VENDOR | CWE |
| --- | --- | --- | --- | --- | --- | --- |
| 2018-05-11 | CVE-2018-6362 | Cross-site Scripting vulnerability in Ehcp Easy Hosting Control Panel 0.37.12.B | Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the domainop action parameter, as demonstrated by reading the PHPSESSID cookie. | network, low complexity, 6.1 | ehcp | CWE-79 |
| 2018-05-11 | CVE-2018-6361 | Cross-site Scripting vulnerability in Ehcp Easy Hosting Control Panel 0.37.12.B | Easy Hosting Control Panel (EHCP) v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account. | network, low complexity, 6.1 | ehcp | CWE-79 |
| 2018-05-11 | CVE-2018-5303 | Cross-site Scripting vulnerability in Impinj R420 Rfid Reader Firmware | An issue was discovered on the Impinj Speedway Connect R420 RFID Reader before 2.2.2. | network, low complexity, 5.4 | impinj | CWE-79 |
| 2018-05-11 | CVE-2018-10580 | Cross-site Scripting vulnerability in Latest Posts on Profile Project Latest Posts on Profile 1.1 | The "Latest Posts on Profile" plugin 1.1 for MyBB has XSS because there is an added section in a user profile that displays that user's most recent posts without sanitizing the tsubject (aka thread subject) field. | network, low complexity, 5.4 | latest-posts-on-profile-project | CWE-79 |
| 2018-05-10 | CVE-2018-10803 | Cross-site Scripting vulnerability in Zohocorp Manageengine Netflow Analyzer | Cross-site scripting (XSS) vulnerability in the add credentials functionality in Zoho ManageEngine NetFlow Analyzer v12.3 before 12.3.125 (build 123125) allows remote attackers to inject arbitrary web script or HTML via a crafted description value. | network, low complexity, 6.1 | zohocorp | CWE-79 |
| 2018-05-10 | CVE-2018-8915 | Cross-site Scripting vulnerability in Synology Calendar | Cross-site scripting (XSS) vulnerability in Notification Center in Synology Calendar before 2.1.1-0502 allows remote authenticated users to inject arbitrary web script or HTML via title parameter. | network, low complexity, 5.4 | synology | CWE-79 |
| 2018-05-10 | CVE-2018-8910 | Cross-site Scripting vulnerability in Synology Drive Server 1.0.010240 | Cross-site scripting (XSS) vulnerability in Attachment Preview in Synology Drive before 1.0.1-10253 allows remote authenticated users to inject arbitrary web script or HTML via malicious attachments. | network, low complexity, 5.4 | synology | CWE-79 |
| 2018-05-10 | CVE-2018-9111 | Cross-site Scripting vulnerability in Foxconn Ap-Fc4064-T Firmware Apgtb385.8.3Lb15W47Lte | Cross Site Scripting (XSS) exists on the Foxconn FEMTO AP-FC4064-T AP_GT_B38_5.8.3lb15-W47 LTE Build 15 via the configuration of a user account. | network, low complexity, 5.4 | foxconn | CWE-79 |
| 2018-05-10 | CVE-2018-10314 | Cross-site Scripting vulnerability in Opmantek Open-Audit 2.2.0 | Cross-site scripting (XSS) vulnerability in Open-AudIT Community 2.2.0 allows remote attackers to inject arbitrary web script or HTML via a crafted name of a component, as demonstrated by the action parameter in the Discover -> Audit Scripts -> List Scripts -> Download section. | network, low complexity, 5.4 | opmantek | CWE-79 |
| 2018-05-09 | CVE-2018-8168 | Cross-site Scripting vulnerability in Microsoft Sharepoint Server 2010/2013 | An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint Server, Microsoft SharePoint. | network, low complexity, 5.4 | microsoft | CWE-79 |