Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-03-07 | CVE-2018-7746 | Cross-site Scripting vulnerability in Cobub Razor 0.7.2 An issue was discovered in Western Bridge Cobub Razor 0.7.2. | 8.8 |
| 2018-03-07 | CVE-2014-8780 | Cross-site Scripting vulnerability in Jease 2.11 Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note. | 5.4 |
| 2018-03-07 | CVE-2018-7741 | Cross-site Scripting vulnerability in Eramba E1.0.6.033 Eramba e1.0.6.033 has Reflected XSS in the Date Filter via the created parameter to the /crons URI. | 6.1 |
| 2018-03-07 | CVE-2018-7721 | Cross-site Scripting vulnerability in Metinfo 6.0.0 Cross Site Scripting (XSS) exists in MetInfo 6.0.0 via /feedback/index.php because app/system/feedback/web/feedback.class.php mishandles input data. | 6.1 |
| 2018-03-07 | CVE-2017-11650 | Cross-site Scripting vulnerability in Draytek Vigorap 910C Firmware 1.2.0 Cross-site scripting (XSS) vulnerability in DrayTek Vigor AP910C devices with firmware 1.2.0_RC3 build r6594 allows remote attackers to inject arbitrary web script or HTML via vectors involving home.asp. | 6.1 |
| 2018-03-06 | CVE-2018-7736 | Cross-site Scripting vulnerability in Zblogcn Z-Blogphp 1.5.1.1740 In Z-BlogPHP 1.5.1.1740, cmd.php has XSS via the ZC_BLOG_SUBNAME parameter or ZC_UPLOAD_FILETYPE parameter. | 6.1 |
| 2018-03-06 | CVE-2018-6811 | Cross-site Scripting vulnerability in Citrix products Multiple cross-site scripting (XSS) vulnerabilities in Citrix NetScaler ADC 10.5, 11.0, 11.1, and 12.0, and NetScaler Gateway 10.5, 11.0, 11.1, and 12.0 allow remote attackers to inject arbitrary web script or HTML via the Citrix NetScaler interface. | 6.1 |
| 2018-03-06 | CVE-2018-6529 | Cross-site Scripting vulnerability in Dlink products XSS vulnerability in htdocs/webinc/js/bsc_sms_inbox.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted Treturn parameter to soap.cgi. | 6.1 |
| 2018-03-06 | CVE-2018-6528 | Cross-site Scripting vulnerability in Dlink products XSS vulnerability in htdocs/webinc/body/bsc_sms_send.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted receiver parameter to soap.cgi. | 6.1 |
| 2018-03-06 | CVE-2018-6527 | Cross-site Scripting vulnerability in Dlink products XSS vulnerability in htdocs/webinc/js/adv_parent_ctrl_map.php in D-Link DIR-868L DIR868LA1_FW112b04 and previous versions, DIR-865L DIR-865L_REVA_FIRMWARE_PATCH_1.08.B01 and previous versions, and DIR-860L DIR860LA1_FW110b04 and previous versions allows remote attackers to read a cookie via a crafted deviceid parameter to soap.cgi. | 6.1 |