Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-04-16 CVE-2015-1952 Cross-site Scripting vulnerability in IBM Security Appscan
Cross-site scripting (XSS) vulnerability in IBM AppScan Enterprise Edition 9.0.x before 9.0.2 iFix 001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
ibm CWE-79
5.4
5.4
2018-04-16 CVE-2018-10128 Cross-site Scripting vulnerability in Xyhcms Project Xyhcms 3.5
An issue was discovered in XYHCMS 3.5.
network
low complexity
xyhcms-project CWE-79
6.1
6.1
2018-04-16 CVE-2018-0551 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.1 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
cybozu CWE-79
5.4
5.4
2018-04-16 CVE-2018-0549 Cross-site Scripting vulnerability in Cybozu Garoon
Cross-site scripting vulnerability in Cybozu Garoon 3.0.0 to 4.6.0 allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
cybozu CWE-79
5.4
5.4
2018-04-16 CVE-2018-0532 Cross-site Scripting vulnerability in Cybozu Garoon
Cybozu Garoon 3.0.0 to 4.2.6 allows remote authenticated attackers to bypass access restriction to alter setting data of the Standard database via unspecified vectors.
network
low complexity
cybozu CWE-79
2.7
2.7
2018-04-16 CVE-2018-9169 Cross-site Scripting vulnerability in Zblogcn Z-Blogphp 1.5.1
Z-BlogPHP 1.5.1 has XSS via the zb_users/plugin/AppCentre/plugin_edit.php app_id parameter.
network
low complexity
zblogcn CWE-79
4.8
4.8
2018-04-16 CVE-2018-10121 Cross-site Scripting vulnerability in Monstra 3.0.4
plugins/box/pages/pages.admin.php in Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the title section of an admin/index.php?id=pages&action=edit_page&name=error404 (aka Edit 404 page) action.
network
low complexity
monstra CWE-79
4.8
4.8
2018-04-16 CVE-2018-10118 Cross-site Scripting vulnerability in Monstra 3.0.4
Monstra CMS 3.0.4 has Stored XSS via the Name field on the Create New Page screen under the admin/index.php?id=pages URI, related to plugins/box/pages/pages.admin.php.
network
low complexity
monstra CWE-79
4.8
4.8
2018-04-16 CVE-2018-10109 Cross-site Scripting vulnerability in Monstra 3.0.4
Monstra CMS 3.0.4 has a stored XSS vulnerability when an attacker has access to the editor role, and enters the payload in the content section of a new page in the blog catalog.
network
low complexity
monstra CWE-79
4.8
4.8
2018-04-16 CVE-2018-10108 Cross-site Scripting vulnerability in Dlink Dir-815 Firmware
D-Link DIR-815 REV.
network
low complexity
dlink CWE-79
6.1
6.1