Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|
| 2018-02-21 | CVE-2018-7274 | Cross-site Scripting vulnerability in Quarx CMS Project Quarx CMS | Yab Quarx through 2.4.3 is prone to multiple persistent cross-site scripting vulnerabilities: Blog (Title), FAQ (Question), Pages (Title), Widgets (Name), and Menus (Name). | quarx-cms-project | CWE-79 | 6.1 (network, low complexity) |
| 2018-02-20 | CVE-2018-7265 | Cross-site Scripting vulnerability in Shimmie2 Project Shimmie2 2.6.0 | Shimmie 2 2.6.0 allows an attacker to upload a crafted SVG file that enables stored XSS. | shimmie2-project | CWE-79 | 6.1 (network, low complexity) |
| 2018-02-20 | CVE-2017-17454 | Cross-site Scripting vulnerability in Mahara | Mahara 16.10 before 16.10.7 and 17.04 before 17.04.5 and 17.10 before 17.10.2 have a Cross Site Scripting (XSS) vulnerability when a user enters invalid UTF-8 characters. | mahara | CWE-79 | 5.4 (network, low complexity) |
| 2018-02-20 | CVE-2015-6544 | Cross-site Scripting vulnerability in Combodo Itop | Cross-site scripting (XSS) vulnerability in application/dashboard.class.inc.php in Combodo iTop before 2.2.0-2459 allows remote attackers to inject arbitrary web script or HTML via a dashboard title. | combodo | CWE-79 | 6.1 (network, low complexity) |
| 2018-02-20 | CVE-2018-7205 | Cross-site Scripting vulnerability in Kentico CMS | Reflected Cross-Site Scripting vulnerability in "Design" on "Edit device layout" in Kentico 9 through 11 allows remote attackers to execute malicious JavaScript via a malicious devicename parameter in a link that is entered via the "Pages -> Edit template properties -> Device Layouts -> Create device layout (and edit created device layout) -> Design" screens. | kentico | CWE-79 | 4.8 (network, low complexity) |
| 2018-02-20 | CVE-2018-6940 | Cross-site Scripting vulnerability in Nat32 2.2 | A /shell?cmd= XSS issue exists in the HTTPD component of NAT32 v2.2 Build 22284 devices that can be exploited for Remote Code Execution in conjunction with CSRF. | nat32 | CWE-79 | 6.1 (network, low complexity) |
| 2018-02-20 | CVE-2017-16356 | Cross-site Scripting vulnerability in Kubik-Rubik Simple Image Gallery Extended | Reflected XSS in Kubik-Rubik SIGE (aka Simple Image Gallery Extended) before 3.3.0 allows attackers to execute JavaScript in a victim's browser by having them visit a plugins/content/sige/plugin_sige/print.php link with a crafted img, name, or caption parameter. | kubik-rubik | CWE-79 | 6.1 (network, low complexity) |
| 2018-02-19 | CVE-2015-2324 | Cross-site Scripting vulnerability in 10Web Photo Gallery | Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors. | 10web | CWE-79 | 5.4 (network, low complexity) |
| 2018-02-19 | CVE-2017-18093 | Cross-site Scripting vulnerability in Atlassian Crucible and Fisheye | Various resources in Atlassian Fisheye and Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allow remote attackers who have permission to add or modify a repository to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the location setting of a configured repository. | atlassian | CWE-79 | 4.8 (network, low complexity) |
| 2018-02-19 | CVE-2017-18092 | Cross-site Scripting vulnerability in Atlassian Crucible | The print snippet resource in Atlassian Crucible before version 4.4.3 (the fixed version for 4.4.x) and before 4.5.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the contents of a comment on the snippet. | atlassian | CWE-79 | 5.4 (network, low complexity) |