Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-13 | CVE-2018-1000084 | Cross-site Scripting vulnerability in Wolfcms Wolf CMS 0.8.3.1 WOlfCMS WolfCMS version version 0.8.3.1 contains a Stored Cross-Site Scripting vulnerability in Layout Name (from Layout tab) that can result in low privilege user can steal the cookie of admin user and compromise the admin account. | 5.4 |
| 2018-03-13 | CVE-2018-1000078 | Cross-site Scripting vulnerability in multiple products RubyGems version Ruby 2.2 series: 2.2.9 and earlier, Ruby 2.3 series: 2.3.6 and earlier, Ruby 2.4 series: 2.4.3 and earlier, Ruby 2.5 series: 2.5.0 and earlier, prior to trunk revision 62422 contains a Cross Site Scripting (XSS) vulnerability in gem server display of homepage attribute that can result in XSS. | 6.1 |
| 2018-03-13 | CVE-2018-1000113 | Cross-site Scripting vulnerability in Jenkins Testlink A cross-site scripting vulnerability exists in Jenkins TestLink Plugin 2.12 and earlier in TestLinkBuildAction/summary.jelly and others that allow an attacker who can control e.g. | 5.4 |
| 2018-03-13 | CVE-2018-1000108 | Cross-site Scripting vulnerability in Jenkins Cppncss 1.0/1.1 A cross-site scripting vulnerability exists in Jenkins CppNCSS Plugin 1.1 and earlier in AbstractProjectAction/index.jelly that allow an attacker to craft links to Jenkins URLs that run arbitrary JavaScript in the user's browser when accessed. | 6.1 |
| 2018-03-13 | CVE-2018-8078 | Cross-site Scripting vulnerability in Yzmcms 3.7 YzmCMS 3.7 has Stored XSS via the title parameter to advertisement/adver/edit.html. | 5.4 |
| 2018-03-13 | CVE-2018-1000095 | Cross-site Scripting vulnerability in Redhat Ovirt-Engine oVirt version 4.2.0 to 4.2.2 contains a Cross Site Scripting (XSS) vulnerability in the name/description of VMs portion of the web admin application. | 4.8 |
| 2018-03-12 | CVE-2017-18228 | Cross-site Scripting vulnerability in BMC Remedy Action Request System Remedy Mid Tier in BMC Remedy AR System 9.1 allows XSS via the ATTKey parameter in an arsys/servlet/AttachServlet request. | 5.4 |
| 2018-03-12 | CVE-2018-7563 | Cross-site Scripting vulnerability in Glpi-Project Glpi An issue was discovered in GLPI through 9.2.1. | 6.1 |
| 2018-03-12 | CVE-2016-0261 | Cross-site Scripting vulnerability in IBM Care Management and Curam Social Program Management Cross-site scripting (XSS) vulnerability in IBM Curam Social Program Management 6.0.0 before SP2 EP29, 6.0.4 before 6.0.4.6 iFix3, 6.0.5 before 6.0.5.9 iFix2, 6.1.0 before 6.1.0.1 iFix1, and 6.1.1 before 6.1.1.1 iFix1; and IBM Care Management 6.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.4 |
| 2018-03-12 | CVE-2017-2661 | Cross-site Scripting vulnerability in Clusterlabs PCS ClusterLabs pcs before version 0.9.157 is vulnerable to a cross-site scripting vulnerability due to improper validation of Node name field when creating new cluster or adding existing cluster. | 6.1 |