Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-03-15 CVE-2018-8722 Cross-site Scripting vulnerability in Zohocorp Manageengine Desktop Central 9.1.0
Zoho ManageEngine Desktop Central version 9.1.0 build 91099 has multiple XSS issues that were fixed in build 92026.
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-03-15 CVE-2018-8721 Cross-site Scripting vulnerability in Zohocorp Manageengine Eventlog Analyzer 11.0
Zoho ManageEngine EventLog Analyzer version 11.0 build 11000 has Stored XSS related to the index2.do?url=editAlertForm&tab=alert&alert=profile URI and the Edit Alert Profile screen
network
low complexity
zohocorp CWE-79
6.1
6.1
2018-03-15 CVE-2018-7707 Cross-site Scripting vulnerability in Securenvoy Securmail
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via an HTML-formatted e-mail message.
network
low complexity
securenvoy CWE-79
6.1
6.1
2018-03-15 CVE-2018-7703 Cross-site Scripting vulnerability in Securenvoy Securmail
Cross-site scripting (XSS) vulnerability in SecurEnvoy SecurMail before 9.2.501 allows remote attackers to inject arbitrary web script or HTML via the mailboxid parameter to secmail/getmessage.exe.
network
low complexity
securenvoy CWE-79
6.1
6.1
2018-03-14 CVE-2018-2399 Cross-site Scripting vulnerability in SAP Process Monitoring Infrastructure
Cross-Site Scripting in Process Monitoring Infrastructure, from 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, due to inefficient encoding of user controlled inputs.
network
low complexity
sap CWE-79
6.1
6.1
2018-03-14 CVE-2018-2397 Cross-site Scripting vulnerability in SAP Businessobjects Business Intelligence Platform
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.
network
low complexity
sap CWE-79
5.4
5.4
2018-03-14 CVE-2018-7508 Cross-site Scripting vulnerability in Osisoft PI Vision and PI web API
A Cross-site Scripting issue was discovered in OSIsoft PI Web API versions 2017 R2 and prior.
network
low complexity
osisoft CWE-79
6.1
6.1
2018-03-14 CVE-2018-7504 Cross-site Scripting vulnerability in Osisoft PI Vision 2017
A Protection Mechanism Failure issue was discovered in OSIsoft PI Vision versions 2017 and prior.
network
low complexity
osisoft CWE-79
6.1
6.1
2018-03-14 CVE-2018-0947 Cross-site Scripting vulnerability in Microsoft Sharepoint Enterprise Server 2013/2016
Microsoft SharePoint Foundation 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allow an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".
network
low complexity
microsoft CWE-79
8.8
8.8
2018-03-14 CVE-2018-0944 Cross-site Scripting vulnerability in Microsoft Project Server and Sharepoint Enterprise Server
Microsoft Project Server 2013 SP1 and Microsoft SharePoint Enterprise Server 2016 allows an elevation of privilege vulnerability to due how specially crafted web requests are sanitized, aka "Microsoft SharePoint Elevation of Privilege Vulnerability".
network
low complexity
microsoft CWE-79
8.8
8.8