Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-06-14 CVE-2018-8254 Cross-site Scripting vulnerability in Microsoft products
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint.
network
microsoft CWE-79
3.5
2018-06-14 CVE-2018-8252 Cross-site Scripting vulnerability in Microsoft SharePoint Foundation and SharePoint Server
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint.
network
microsoft CWE-79
3.5
2018-06-14 CVE-2018-8247 Cross-site Scripting vulnerability in Microsoft Office Online Server and Office Web Apps
An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server.
network
microsoft CWE-79
5.8
2018-06-13 CVE-2018-12355 Cross-site Scripting vulnerability in ENG Knowage 6.1.1
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue.
4.3
2018-06-13 CVE-2018-12353 Cross-site Scripting vulnerability in Knowage-Suite Knowage 6.1.1
Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue.
4.3
2018-06-13 CVE-2018-12040 Cross-site Scripting vulnerability in Sensiolabs Symfony 3.3.6
Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI.
network
low complexity
sensiolabs CWE-79
6.1
2018-06-13 CVE-2018-12339 Cross-site Scripting vulnerability in Articlecms Project Articlecms 20170219
ArticleCMS through 2017-02-19 has XSS via an "add an article" action.
3.5
2018-06-13 CVE-2018-11688 Cross-site Scripting vulnerability in Igniterealtime Openfire 3.7.1
Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input.
4.3
2018-06-13 CVE-2018-12290 Cross-site Scripting vulnerability in Yii2-Statemachine 2.X.X
The Yii2-StateMachine extension v2.x.x for Yii2 has XSS.
4.3
2018-06-13 CVE-2018-5432 Cross-site Scripting vulnerability in Tibco Administrator
The TIBCO Administrator server component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them.
network
tibco CWE-79
3.5