Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-09 | CVE-2017-1000509 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 6.0.2: Dolibarr version 6.0.2 contains a Cross Site Scripting (XSS) vulnerability in Product details that can result in execution of JavaScript code. | 5.4 |
2018-02-09 | CVE-2017-1000508 | Cross-site Scripting vulnerability in Invoiceplane: Invoice Plane version 1.5.4 and earlier contains a Cross Site Scripting (XSS) vulnerability in Client's details that can result in execution of JavaScript code. | 6.1 |
2018-02-09 | CVE-2017-1000507 | Cross-site Scripting vulnerability in Cnvs Canvas 3.4.2: Canvs Canvas version 3.4.2 contains a Cross Site Scripting (XSS) vulnerability in User's details that can result in denial of service and execution of JavaScript code. | 5.4 |
2018-02-09 | CVE-2017-1000506 | Cross-site Scripting vulnerability in Mautic: Mautic version 2.11.0 and earlier contains a Cross Site Scripting (XSS) vulnerability in Company's name that can result in denial of service and execution of JavaScript code. | 6.1 |
2018-02-09 | CVE-2018-5307 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager: Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 2.x before 2.14.6 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality. | 6.1 |
2018-02-09 | CVE-2018-5306 | Cross-site Scripting vulnerability in Sonatype Nexus Repository Manager: Multiple cross-site scripting (XSS) vulnerabilities in Sonatype Nexus Repository Manager (aka NXRM) 3.x before 3.8 allow remote attackers to inject arbitrary web script or HTML via (1) the repoId or (2) format parameter to service/siesta/healthcheck/healthCheckFileDetail/.../index.html; (3) the filename in the "File Upload" functionality of the Staging Upload; (4) the username when creating a new user; or (5) the IQ Server URL field in the IQ Server Connection functionality. | 6.1 |
2018-02-09 | CVE-2012-6347 | Cross-site Scripting vulnerability in Fortinet Fortidb 4.4.1: Multiple cross-site scripting (XSS) vulnerabilities in Java number format exception handling in FortiGate FortiDB before 4.4.2 allow remote attackers to inject arbitrary web script or HTML via the conversationContext parameter to (1) admin/auditTrail.jsf, (2) mapolicymgmt/targetsMonitorView.jsf, (3) vascan/globalsummary.jsf, (4) vaerrorlog/vaErrorLog.jsf, (5) database/listTargetGroups.jsf, (6) sysconfig/listSystemInfo.jsf, (7) vascan/list.jsf, (8) network/router.jsf, (9) mapolicymgmt/editPolicyProfile.jsf, or (10) mapolicymgmt/maPolicyMasterList.jsf. | 6.1 |
2018-02-09 | CVE-2012-6346 | Cross-site Scripting vulnerability in Fortinet Fortiweb: Multiple cross-site scripting (XSS) vulnerabilities in FortiWeb before 4.4.4 allow remote attackers to inject arbitrary web script or HTML via the (1) redir or (2) mkey parameter to waf/pcre_expression/validate. | 6.1 |
2018-02-09 | CVE-2018-6878 | Cross-site Scripting vulnerability in HOT Scripts Clone Project HOT Scripts Clone 3.1: Cross Site Scripting (XSS) exists in the review section in PHP Scripts Mall Hot Scripts Clone Script Classified 3.1 via the title or description field. | 5.4 |
2018-02-09 | CVE-2018-1401 | Cross-site Scripting vulnerability in IBM Websphere Portal 8.0.0.0/8.5.0.0/9.0.0.0: IBM WebSphere Portal 8.0, 8.5, and 9.0 is vulnerable to cross-site scripting. | 6.1 |