Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-30 | CVE-2018-3741 | Cross-site Scripting vulnerability in Rubyonrails Html Sanitizer There is a possible XSS vulnerability in all rails-html-sanitizer gem versions below 1.0.4 for Ruby. | 6.1 |
| 2018-03-30 | CVE-2018-9147 | Cross-site Scripting vulnerability in Gespage 7.5.7 Cross-site scripting (XSS) vulnerabilities in version 7.5.7 of Gespage software allow remote attackers to inject arbitrary web script or HTML via the email, passwd, and repasswd parameters to webapp/users/user_reg.jsp. | 6.1 |
| 2018-03-30 | CVE-2018-1390 | Cross-site Scripting vulnerability in IBM Financial Transaction Manager IBM Financial Transaction Manager for Check Services for Multi-Platform 3.0, 3.0.2, and 3.0.2.1 is vulnerable to cross-site scripting. | 5.4 |
| 2018-03-30 | CVE-2018-1384 | Cross-site Scripting vulnerability in IBM products IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. | 5.4 |
| 2018-03-30 | CVE-2017-1767 | Cross-site Scripting vulnerability in IBM Business Process Manager IBM Business Process Manager 8.6 is vulnerable to cross-site scripting. | 5.4 |
| 2018-03-30 | CVE-2018-5799 | Cross-site Scripting vulnerability in Zohocorp Manageengine Servicedesk Plus In Zoho ManageEngine ServiceDesk Plus before 9403, an XSS issue allows an attacker to run arbitrary JavaScript via a /api/request/?OPERATION_NAME= URI, aka SD-69139. | 6.1 |
| 2018-03-30 | CVE-2018-9140 | Cross-site Scripting vulnerability in Samsung Mobile 6.0 On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747. | 6.1 |
| 2018-03-30 | CVE-2018-9130 | Cross-site Scripting vulnerability in Ibos 4.4.3 IBOS 4.4.3 has XSS via a company full name. | 6.1 |
| 2018-03-29 | CVE-2014-6604 | Cross-site Scripting vulnerability in Subscribe2 Project Subscribe2 Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip parameter. | 6.1 |
| 2018-03-29 | CVE-2018-6588 | Cross-site Scripting vulnerability in CA API Developer Portal 3.5 CA API Developer Portal 3.5 up to and including 3.5 CR5 has a reflected cross-site scripting vulnerability related to the apiExplorer. | 6.1 |