Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-03-06 CVE-2018-7724 Cross-site Scripting vulnerability in Piwigo 2.9.3
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /admin.php?page=photo-${photo_number} request.
network
low complexity
piwigo CWE-79
5.4
2018-03-06 CVE-2018-7723 Cross-site Scripting vulnerability in Piwigo 2.9.3
The management panel in Piwigo 2.9.3 has stored XSS via the virtual_name parameter in a /admin.php?page=cat_list request, a different issue than CVE-2017-9836.
network
low complexity
piwigo CWE-79
5.4
2018-03-06 CVE-2018-7722 Cross-site Scripting vulnerability in Piwigo 2.9.3
The management panel in Piwigo 2.9.3 has stored XSS via the name parameter in a /ws.php?format=json request.
network
low complexity
piwigo CWE-79
5.4
2018-03-06 CVE-2017-9786 Cross-site Scripting vulnerability in Projectsend
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in My account Name updated, related to home.php and actions-log.php.
network
low complexity
projectsend CWE-79
6.1
2018-03-06 CVE-2017-9783 Cross-site Scripting vulnerability in Projectsend
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) before commit 6c3710430be26feb5371cb0377e5355d6f9a27ca allows remote attackers to inject arbitrary web script or HTML via the Description field in a Site name updated.
network
low complexity
projectsend CWE-79
6.1
2018-03-06 CVE-2018-7650 Cross-site Scripting vulnerability in HOT Scripts Clone Project HOT Scripts Clone 3.1
PHP Scripts Mall Hot Scripts Clone:Script Classified Version 3.1 Application is vulnerable to stored XSS within the "Add New" function for a Management User.
network
low complexity
hot-scripts-clone-project CWE-79
4.8
2018-03-05 CVE-2018-7717 Cross-site Scripting vulnerability in Kubik-Rubik Simple Image Gallery Extended
The htmlImageAddTitleAttribute function in sige.php in the Kubik-Rubik Simple Image Gallery Extended (SIGE) extension 3.2.3 for Joomla! has XSS via a crafted image header, as demonstrated by the Caption-Abstract header object in a JPEG file.
network
low complexity
kubik-rubik CWE-79
6.1
2018-03-05 CVE-2017-18217 Cross-site Scripting vulnerability in Invoiceplane
An issue was discovered in InvoicePlane before 1.5.5.
network
low complexity
invoiceplane CWE-79
6.1
2018-03-05 CVE-2017-7437 Cross-site Scripting vulnerability in Netiq Privileged Account Manager 3.1
NetIQ Privileged Account Manager before 3.1 Patch Update 3 allowed cross-site scripting attacks via the "type" and "account" parameters of JSON requests.
network
low complexity
netiq CWE-79
6.1
2018-03-05 CVE-2017-7427 Cross-site Scripting vulnerability in Netiq Identity Manager 4.5/4.6
Multiple cross-site scripting attacks were found in the Identity Manager Plug-in, hosted on iManager 2.7.7.7, before Identity Manager 4.6.1.
network
low complexity
netiq CWE-79
6.1