Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-04-10 | CVE-2018-2410 | Cross-site Scripting vulnerability in SAP Business ONE 9.2/9.3 | SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability. | network | low | sap | CWE-79 | 5.4 |
| 2018-04-10 | CVE-2018-2405 | Cross-site Scripting vulnerability in SAP Solution Manager 7.10/7.20 | SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting. | network | low | sap | CWE-79 | 5.4 |
| 2018-04-10 | CVE-2018-5227 | Cross-site Scripting vulnerability in Atlassian Application Links | Various administrative application link resources in Atlassian Application Links before version 5.4.4 allow remote attackers with administration rights to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the display url of a configured application link. | network | low | atlassian | CWE-79 | 4.8 |
| 2018-04-10 | CVE-2017-18100 | Cross-site Scripting vulnerability in Atlassian Jira | The agile wallboard gadget in Atlassian Jira before version 7.8.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the name of quick filters. | network | low | atlassian | CWE-79 | 6.1 |
| 2018-04-10 | CVE-2018-9928 | Cross-site Scripting vulnerability in Metinfo 6.0.0 | Cross-site scripting (XSS) vulnerability in save.php in MetInfo 6.0 allows remote attackers to inject arbitrary web script or HTML via the webname or weburl parameter. | network | low | metinfo | CWE-79 | 6.1 |
| 2018-04-10 | CVE-2018-9925 | Cross-site Scripting vulnerability in Icmsdev Icms | An issue was discovered in idreamsoft iCMS through 7.0.7. | network | low | icmsdev | CWE-79 | 5.4 |
| 2018-04-09 | CVE-2018-6182 | Cross-site Scripting vulnerability in Mahara | Mahara 16.10 before 16.10.9 and 17.04 before 17.04.7 and 17.10 before 17.10.4 are vulnerable to bad input when TinyMCE is bypassed by POST packages. | network | low | mahara | CWE-79 | 6.1 |
| 2018-04-09 | CVE-2018-9864 | Cross-site Scripting vulnerability in 3CX Live Chat | The WP Live Chat Support plugin before 8.0.06 for WordPress has stored XSS via the Name field. | network | low | 3cx | CWE-79 | 6.1 |
| 2018-04-09 | CVE-2018-9857 | Cross-site Scripting vulnerability in Match Clone Script Project Match Clone Script 1.0.4 | PHP Scripts Mall Match Clone Script 1.0.4 has XSS via the search field to searchbyid.php (aka the "View Search By Id" screen). | network | low | match-clone-script-project | CWE-79 | 6.1 |
| 2018-04-08 | CVE-2018-6905 | Cross-site Scripting vulnerability in Typo3 | The page module in TYPO3 before 8.7.11, and 9.1.0, has XSS via $GLOBALS['TYPO3_CONF_VARS']['SYS']['sitename'], as demonstrated by an admin entering a crafted site name during the installation process. | network | low | typo3 | CWE-79 | 4.8 |