Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2018-04-07 | CVE-2018-9330 | Cross-site Scripting vulnerability in Coremail XT 3.0 | register.jsp in Coremail XT3.0 allows stored XSS, as demonstrated by the third form field to a URI under register/, a different vulnerability than CVE-2015-6942. | network | low | coremail | CWE-79 | 5.4 |
| 2018-04-07 | CVE-2018-9844 | Cross-site Scripting vulnerability in Iptanus Wordpress File Upload | The Iptanus WordPress File Upload plugin before 4.3.4 for WordPress mishandles Settings attributes, leading to XSS. | network | low | iptanus | CWE-79 | 6.1 |
| 2018-04-06 | CVE-2017-18098 | Cross-site Scripting vulnerability in Atlassian Jira | The searchrequest-xml resource in Atlassian Jira before version 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through various fields. | network | low | atlassian | CWE-79 | 6.1 |
| 2018-04-06 | CVE-2017-18097 | Cross-site Scripting vulnerability in Atlassian Jira | The Trello board importer resource in Atlassian Jira before version 7.6.1 allows remote attackers who can convince a Jira administrator to import their Trello board to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the title of a Trello card. | network | low | atlassian | CWE-79 | 5.4 |
| 2018-04-05 | CVE-2018-9328 | Cross-site Scripting vulnerability in Redbus Clone Script Project Redbus Clone Script 3.0.6 | PHP Scripts Mall Redbus Clone Script 3.0.6 has XSS via the ter_from or tag parameter to results.php. | network | low | redbus-clone-script-project | CWE-79 | 6.1 |
| 2018-04-05 | CVE-2018-9244 | Cross-site Scripting vulnerability in Gitlab | GitLab Community and Enterprise Editions version 9.2 up to 10.4 are vulnerable to XSS because a lack of input validation in the milestones component leads to cross site scripting (specifically, data-milestone-id in the milestone dropdown feature). | network | low | gitlab | CWE-79 | 6.1 |
| 2018-04-05 | CVE-2018-9243 | Cross-site Scripting vulnerability in Gitlab | GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). | network | low | gitlab | CWE-79 | 6.1 |
| 2018-04-05 | CVE-2018-7035 | Cross-site Scripting vulnerability in Gleezcms Gleez CMS 1.2.0/2.0 | Cross-site scripting (XSS) vulnerability in Gleez CMS 1.2.0 and 2.0 might allow remote attackers (users) to inject JavaScript via HTML content in an editor, which will result in Stored XSS when an Administrator tries to edit the same content, as demonstrated by use of the source editor for HTML mode in an Add Blog action. | network | low | gleezcms | CWE-79 | 5.4 |
| 2018-04-05 | CVE-2018-1000154 | Cross-site Scripting vulnerability in Zammad | Zammad GmbH Zammad version 2.3.0 and earlier contains an Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails which are not HTML quoted in certain cases. | network | low | zammad | CWE-79 | 6.1 |
| 2018-04-05 | CVE-2018-1000144 | Cross-site Scripting vulnerability in Jenkins Cucumber Living Documentation | A cross site scripting vulnerability exists in Jenkins Cucumber Living Documentation Plugin 1.0.12 and older in CukedoctorBaseAction#doDynamic that disables the Content-Security-Policy protection for archived artifacts and workspace files, allowing attackers able to control the content of these files to attack Jenkins users. | network | low | jenkins | CWE-79 | 6.1 |