Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-04-02 | CVE-2018-6659 | Cross-site Scripting vulnerability in Mcafee Epolicy Orchestrator Reflected Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) 5.3.2, 5.3.1, 5.3.0 and 5.9.0 allows remote authenticated users to exploit an XSS issue via not sanitizing the user input. | 5.4 |
| 2018-04-02 | CVE-2018-9183 | Cross-site Scripting vulnerability in Joomsky JS Jobs The Joom Sky JS Jobs extension before 1.2.1 for Joomla! has XSS. | 5.4 |
| 2018-04-02 | CVE-2018-9163 | Cross-site Scripting vulnerability in Zohocorp Manageengine Recovery Manager Plus A stored Cross-site scripting (XSS) vulnerability in Zoho ManageEngine Recovery Manager Plus before 5.3 (Build 5350) allows remote authenticated users (with Add New Technician permissions) to inject arbitrary web script or HTML via the loginName field to technicianAction.do. | 5.4 |
| 2018-04-02 | CVE-2018-9173 | Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.13 Cross-site scripting (XSS) vulnerability in admin/template/js/uploadify/uploadify.swf in GetSimple CMS 3.3.13 allows remote attackers to inject arbitrary web script or HTML, as demonstrated by the movieName parameter. | 6.1 |
| 2018-04-01 | CVE-2018-9172 | Cross-site Scripting vulnerability in Iptanus Wordpress File Upload The Iptanus WordPress File Upload plugin before 4.3.3 for WordPress mishandles shortcode attributes. | 5.4 |
| 2018-03-30 | CVE-2018-7203 | Cross-site Scripting vulnerability in Lynxtechnology Twonky Server Cross-site scripting (XSS) vulnerability in Twonky Server 7.0.11 through 8.5 allows remote attackers to inject arbitrary web script or HTML via the friendlyname parameter to rpc/set_all. | 6.1 |
| 2018-03-30 | CVE-2018-1233 | Cross-site Scripting vulnerability in RSA Authentication Agent for web 8.0/8.0.1 RSA Authentication Agent version 8.0.1 and earlier for Web for both IIS and Apache Web Server are affected by a cross-site scripting vulnerability. | 6.1 |
| 2018-03-30 | CVE-2018-3821 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions after 5.1.1 and before 5.6.7 and 6.1.3 had a cross-site scripting (XSS) vulnerability in the tag cloud visualization that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2018-03-30 | CVE-2018-3820 | Cross-site Scripting vulnerability in Elastic Kibana 6.1.1/6.1.2 Kibana versions after 6.1.0 and before 6.1.3 had a cross-site scripting (XSS) vulnerability in labs visualizations that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |
| 2018-03-30 | CVE-2018-3818 | Cross-site Scripting vulnerability in Elastic Kibana Kibana versions 5.1.1 to 6.1.2 and 5.6.6 had a cross-site scripting (XSS) vulnerability via the colored fields formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users. | 6.1 |