Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-06-14 | CVE-2018-8254 | Cross-site Scripting vulnerability in Microsoft products An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft Project Server, Microsoft SharePoint. | 3.5 |
2018-06-14 | CVE-2018-8252 | Cross-site Scripting vulnerability in Microsoft Sharepoint Foundation and Sharepoint Server An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka "Microsoft SharePoint Elevation of Privilege Vulnerability." This affects Microsoft SharePoint. | 3.5 |
2018-06-14 | CVE-2018-8247 | Cross-site Scripting vulnerability in Microsoft Office Online Server and Office web Apps An elevation of privilege vulnerability exists when Office Web Apps Server 2013 and Office Online Server fail to properly handle web requests, aka "Microsoft Office Elevation of Privilege Vulnerability." This affects Microsoft Office, Microsoft Office Online Server. | 5.8 |
2018-06-13 | CVE-2018-12355 | Cross-site Scripting vulnerability in ENG Knowage 6.1.1 Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name or description field to the "Olap Schemas' Catalogue" catalogue. | 4.3 |
2018-06-13 | CVE-2018-12353 | Cross-site Scripting vulnerability in Knowage-Suite Knowage 6.1.1 Knowage (formerly SpagoBI) 6.1.1 allows XSS via the name field to the "Business Model's Catalogue" catalogue. | 4.3 |
2018-06-13 | CVE-2018-12040 | Cross-site Scripting vulnerability in Sensiolabs Symfony 3.3.6 Reflected Cross-site scripting (XSS) vulnerability in the web profiler in SensioLabs Symfony 3.3.6 allows remote attackers to inject arbitrary web script or HTML via the "file" parameter, aka an _profiler/open?file= URI. | 6.1 |
2018-06-13 | CVE-2018-12339 | Cross-site Scripting vulnerability in Articlecms Project Articlecms 20170219 ArticleCMS through 2017-02-19 has XSS via an "add an article" action. | 3.5 |
2018-06-13 | CVE-2018-11688 | Cross-site Scripting vulnerability in Igniterealtime Openfire 3.7.1 Ignite Realtime Openfire before 3.9.2 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. | 4.3 |
2018-06-13 | CVE-2018-12290 | Cross-site Scripting vulnerability in Yii2-Statemachine 2.X.X The Yii2-StateMachine extension v2.x.x for Yii2 has XSS. | 4.3 |
2018-06-13 | CVE-2018-5432 | Cross-site Scripting vulnerability in Tibco Administrator The TIBCO Administrator server component of of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, and TIBCO Administrator - Enterprise Edition for z/Linux contains multiple vulnerabilities wherein a malicious user could theoretically perform cross-site scripting (XSS) attacks by way of manipulating artifacts prior to uploading them. | 3.5 |