Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-20 | CVE-2015-7460 | Cross-site Scripting vulnerability in IBM Connections Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2018-03-20 | CVE-2015-7459 | Cross-site Scripting vulnerability in IBM Connections Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2018-03-20 | CVE-2015-7458 | Cross-site Scripting vulnerability in IBM Connections Cross-site scripting (XSS) vulnerability in IBM Connections 3.0.1.1 and earlier, 4.0, 4.5, and 5.0 before CR4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2018-03-20 | CVE-2014-1665 | Cross-site Scripting vulnerability in Owncloud Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file. | 5.4 |
| 2018-03-20 | CVE-2018-8815 | Cross-site Scripting vulnerability in Alkacon Opencms 10.5.3 Cross-site scripting (XSS) vulnerability in the gallery function in Alkacon OpenCMS 10.5.3 allows remote attackers to inject arbitrary web script or HTML via a malicious SVG image. | 4.6 |
| 2018-03-20 | CVE-2018-8805 | Cross-site Scripting vulnerability in Yxcms 1.4.7 Yxcms building system (compatible cell phone) v1.4.7 has XSS via the content parameter to protected\apps\default\view\default\extend_guestbook.php or protected\apps\default\view\mobile\extend_guestbook.php in an index.php?r=default/column/index&col=guestbook request. | 6.1 |
| 2018-03-19 | CVE-2018-5233 | Cross-site Scripting vulnerability in Getgrav Grav CMS Cross-site scripting (XSS) vulnerability in system/src/Grav/Common/Twig/Twig.php in Grav CMS before 1.3.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/tools. | 6.1 |
| 2018-03-19 | CVE-2014-2297 | Cross-site Scripting vulnerability in Videowhisper Live Streaming Integration 4.29.6 Multiple cross-site scripting (XSS) vulnerabilities in the VideoWhisper Live Streaming Integration plugin 4.29.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to ls/htmlchat.php or (2) bgcolor parameter to ls/index.php. | 6.1 |
| 2018-03-19 | CVE-2018-8732 | Cross-site Scripting vulnerability in Wampserver 3.1.1 Cross-site scripting (XSS) vulnerability in WampServer 3.1.1 allows remote attackers to inject arbitrary web script or HTML via the virtual_del parameter. | 5.4 |
| 2018-03-19 | CVE-2018-6842 | Cross-site Scripting vulnerability in Kentico CMS Kentico 10 before 10.0.50 and 11 before 11.0.3 has XSS in which a crafted URL results in improper construction of a system page. | 5.4 |