Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-06-20 CVE-2018-6212 Cross-site Scripting vulnerability in D-Link Dir-620 Firmware
On D-Link DIR-620 devices with a certain customized (by ISP) variant of firmware 1.0.3, 1.0.37, 1.3.1, 1.3.3, 1.3.7, 1.4.0, and 2.0.22, a reflected Cross-Site Scripting (XSS) attack is possible as a result of missed filtration for special characters in the "Search" field and incorrect processing of the XMLHttpRequest object.
network, low complexity, d-link, CWE-79
Risk: 6.1

2018-06-20 CVE-2018-9036 Cross-site Scripting vulnerability in Checksec Canopy 3.0.0/3.0.6
CheckSec Canopy 3.x before 3.0.7 has stored XSS via the Login Page Disclaimer, allowing attacks by low-privileged users against higher-privileged users.
network, checksec, CWE-79
Risk: 3.5

2018-06-19 CVE-2018-12588 Cross-site Scripting vulnerability in Public Knowledge Project Open Monograph Press
Cross-site scripting (XSS) vulnerability in templates/frontend/pages/searchResults.tpl in Public Knowledge Project (PKP) Open Monograph Press (OMP) v1.2.0 through 3.1.1-2 before 3.1.1-3 allows remote attackers to inject arbitrary web script or HTML via the catalog.noTitlesSearch parameter (aka the Search field).
Risk: 4.3

2018-06-19 CVE-2018-12580 Cross-site Scripting vulnerability in Dragonbyte-Tech Vbsecurity
library/DBTech/Security/Action/Sessions.php in DragonByte vBSecurity 3.x through 3.3.0 for vBulletin 3 and vBulletin 4 allows self-XSS via $session['user_agent'] in the "Login Sessions" feature.
Risk: 4.3

2018-06-18 CVE-2018-9027 Cross-site Scripting vulnerability in CA Privileged Access Manager 2.0
A reflected cross-site scripting vulnerability in CA Privileged Access Manager 2.x allows remote attackers to execute malicious script with a specially crafted link.
network, ca, CWE-79
Risk: 4.3

2018-06-17 CVE-2018-12104 Cross-site Scripting vulnerability in Airbnb Knowledge Repo 0.7.4
Cross-site scripting (XSS) vulnerability in Airbnb Knowledge Repo 0.7.4 allows remote attackers to inject arbitrary web scripts or HTML via the post comments functionality, as demonstrated by the post/posts/new_report.kp URI.
network, airbnb, CWE-79
Risk: 4.3

2018-06-17 CVE-2018-12073 Cross-site Scripting vulnerability in Eminent-Online Em4544 9.10
An issue was discovered on Eminent EM4544 9.10 devices.
Risk: 2.9

2018-06-17 CVE-2018-11647 Cross-site Scripting vulnerability in Oauth2Orize-Fprm Project Oauth2Orize-Fprm
index.js in oauth2orize-fprm before 0.2.1 has XSS via a crafted URL.
Risk: 4.3

2018-06-16 CVE-2018-12501 Cross-site Scripting vulnerability in Nagios Fusion
Nagios Fusion before 4.1.4 has XSS, aka TPS#13332-13335.
network, nagios, CWE-79
Risk: 4.3

2018-06-16 CVE-2018-5754 Cross-site Scripting vulnerability in Open-Xchange Appsuite
Cross-site scripting (XSS) vulnerability in the office-web component in Open-Xchange OX App Suite before 7.8.3-rev12 and 7.8.4 before 7.8.4-rev9 allows remote attackers to inject arbitrary web script or HTML via a crafted presentation file, related to copying content to the clipboard.
Risk: 3.5