Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-02-27 | CVE-2018-4876 | Cross-site Scripting vulnerability in Adobe Experience Manager 6.1.0/6.2.0/6.3.0 Adobe Experience Manager versions 6.3, 6.2, and 6.1 are vulnerable to cross-site scripting via a bypass of the Sling XSSAPI#getValidHref function. | 6.1 |
| 2018-02-27 | CVE-2018-4875 | Cross-site Scripting vulnerability in Adobe Experience Manager 6.0.0/6.1.0 Adobe Experience Manager versions 6.1 and 6.0 are vulnerable to a reflected cross-site scripting vulnerability related to the handling of malicious content embedded in image files uploaded to the DAM. | 6.1 |
| 2018-02-26 | CVE-2018-0908 | Cross-site Scripting vulnerability in Microsoft Identity Manager 2016 Microsoft Identity Manager 2016 SP1 allows an attacker to gain elevated privileges when it does not properly sanitize a specially crafted attribute value being displayed to a user on an affected MIM 2016 server, aka "Microsoft Identity Manager XSS Elevation of Privilege Vulnerability." | 6.1 |
| 2018-02-26 | CVE-2017-9425 | Cross-site Scripting vulnerability in Facetag Project Facetag 0.0.3 The Facetag extension 0.0.3 for Piwigo allows XSS via the name parameter to ws.php in a facetag.changeTag action. | 6.1 |
| 2018-02-25 | CVE-2018-7476 | Cross-site Scripting vulnerability in Finecms 5.3.0 controllers/admin/Linkage.php in dayrui FineCms 5.3.0 has Cross Site Scripting (XSS) via the id or lid parameter in a c=linkage,m=import request to admin.php, because the xss_clean protection mechanism is defeated by crafted input that lacks a '<' or '>' character. | 6.1 |
| 2018-02-24 | CVE-2018-7447 | Cross-site Scripting vulnerability in Mojoportal mojoPortal through 2.6.0.0 is prone to multiple persistent cross-site scripting vulnerabilities because it fails to sanitize user-supplied input. | 4.8 |
| 2018-02-23 | CVE-2018-0519 | Cross-site Scripting vulnerability in FSI Fs010W Firmware 1.3.0 Cross-site scripting vulnerability in FS010W firmware FS010W_00_V1.3.0 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors. | 4.8 |
| 2018-02-23 | CVE-2018-6868 | Cross-site Scripting vulnerability in Groupon Clone Script Project Groupon Clone Script 3.0.2 Cross Site Scripting (XSS) exists in PHP Scripts Mall Slickdeals / DealNews / Groupon Clone Script 3.0.2 via a User Profile Field parameter. | 5.4 |
| 2018-02-23 | CVE-2018-6867 | Cross-site Scripting vulnerability in Alibaba Clone Script Project Alibaba Clone Script 1.0.2 Cross Site Scripting (XSS) exists in PHP Scripts Mall Alibaba Clone Script 1.0.2 via a profile parameter. | 5.4 |
| 2018-02-23 | CVE-2018-6866 | Cross-site Scripting vulnerability in Learning and Examination Management System Script Project Learning and Examination Management System Script 2.3.1 Cross Site Scripting (XSS) exists in PHP Scripts Mall Learning and Examination Management System Script 2.3.1 via a crafted message. | 5.4 |