Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-26 | CVE-2017-14522 | Cross-site Scripting vulnerability in Wondercms 2.3.1 In WonderCMS 2.3.1, the application's input fields accept arbitrary user input resulting in execution of malicious JavaScript. | 6.1 |
| 2018-01-26 | CVE-2016-6217 | Cross-site Scripting vulnerability in Sophos Puremessage Cross-site scripting (XSS) vulnerability in Sophos PureMessage for UNIX before 6.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.1 |
| 2018-01-26 | CVE-2017-1000404 | Cross-site Scripting vulnerability in Jenkins Delivery Pipeline The Jenkins Delivery Pipeline Plugin version 1.0.7 and earlier used the unescaped content of the query parameter 'fullscreen' in its JavaScript, resulting in a cross-site scripting vulnerability through specially crafted URLs. | 6.1 |
| 2018-01-26 | CVE-2017-1000392 | Cross-site Scripting vulnerability in Jenkins Jenkins 2.88 and earlier; 2.73.2 and earlier Autocompletion suggestions for text fields were not escaped, resulting in a persisted cross-site scripting vulnerability if the source for the suggestions allowed specifying text that includes HTML metacharacters like less-than and greater-than characters. | 4.8 |
| 2018-01-26 | CVE-2017-1000389 | Cross-site Scripting vulnerability in Jenkins Global-Build-Stats Some URLs provided by Jenkins global-build-stats plugin version 1.4 and earlier returned a JSON response that contained request parameters. | 6.1 |
| 2018-01-26 | CVE-2017-1000386 | Cross-site Scripting vulnerability in Jenkins Active Choices Jenkins Active Choices plugin version 1.5.3 and earlier allowed users with Job/Configure permission to provide arbitrary HTML to be shown on the 'Build With Parameters' page through the 'Active Choices Reactive Reference Parameter' type. | 5.4 |
| 2018-01-25 | CVE-2018-6313 | Cross-site Scripting vulnerability in Wbce CMS 1.3.1 Cross-site scripting (XSS) in WBCE CMS 1.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the Modify Page screen, a different issue than CVE-2017-2118. | 4.8 |
| 2018-01-25 | CVE-2018-5965 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_errors parameter. | 4.8 |
| 2018-01-25 | CVE-2018-5964 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/moduleinterface.php via the m1_messages parameter. | 4.8 |
| 2018-01-25 | CVE-2018-5963 | Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.5 CMS Made Simple (CMSMS) 2.2.5 has XSS in admin/addbookmark.php via the title parameter. | 4.8 |