Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-02-02 CVE-2018-6550 Cross-site Scripting vulnerability in Monstra
Monstra CMS through 3.0.4 has XSS in the title function in plugins/box/pages/pages.plugin.php via a page title to admin/index.php.
network
low complexity
monstra CWE-79
5.4
5.4
2018-02-02 CVE-2018-6545 Cross-site Scripting vulnerability in Ipswitch Moveit 8.1
Ipswitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability, as demonstrated by human.aspx.
network
low complexity
ipswitch CWE-79
6.1
6.1
2018-02-01 CVE-2018-0511 Cross-site Scripting vulnerability in Meowapps WP Retina 2X
Cross-site scripting vulnerability in WP Retina 2x prior to version 5.2.2 allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
meowapps CWE-79
6.1
6.1
2018-02-01 CVE-2018-0508 Cross-site Scripting vulnerability in Kkcald Project Kkcald 0.7.19/0.7.21
Cross-site scripting vulnerability in epg search result viewer (kkcald) 0.7.21 and earlier allows an attacker to inject arbitrary web script or HTML via unspecified vectors.
network
low complexity
kkcald-project CWE-79
6.1
6.1
2018-01-31 CVE-2018-6465 Cross-site Scripting vulnerability in Wp-Property-Hive Propertyhive
The PropertyHive plugin before 1.4.15 for WordPress has XSS via the body parameter to includes/admin/views/html-preview-applicant-matches-email.php.
network
low complexity
wp-property-hive CWE-79
6.1
6.1
2018-01-31 CVE-2018-6464 Cross-site Scripting vulnerability in Mycolorway Simditor 2.3.11
Simditor v2.3.11 allows XSS via crafted use of svg/onload=alert in a TEXTAREA element, as demonstrated by Firefox 54.0.1.
network
low complexity
mycolorway CWE-79
6.1
6.1
2018-01-30 CVE-2018-6194 Cross-site Scripting vulnerability in Splashing Images Project Splashing Images 1.0/2.0/2.1
A cross-site scripting (XSS) vulnerability in admin/partials/wp-splashing-admin-sidebar.php in the Splashing Images plugin (wp-splashing-images) before 2.1.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the search parameter to wp-admin/upload.php.
network
low complexity
splashing-images-project CWE-79
4.8
4.8
2018-01-30 CVE-2018-6380 Cross-site Scripting vulnerability in Joomla Joomla!
In Joomla! before 3.8.4, lack of escaping in the module chromes leads to XSS vulnerabilities in the module system.
network
low complexity
joomla CWE-79
6.1
6.1
2018-01-30 CVE-2018-6379 Cross-site Scripting vulnerability in Joomla Joomla!
In Joomla! before 3.8.4, inadequate input filtering in the Uri class (formerly JUri) leads to an XSS vulnerability.
network
low complexity
joomla CWE-79
6.1
6.1
2018-01-30 CVE-2018-6377 Cross-site Scripting vulnerability in Joomla Joomla!
In Joomla! before 3.8.4, inadequate input filtering in com_fields leads to an XSS vulnerability in multiple field types, i.e., list, radio, and checkbox
network
low complexity
joomla CWE-79
6.1
6.1