Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-22 | CVE-2018-6010 | Cross-site Scripting vulnerability in Yiiframework In Yii Framework 2.x before 2.0.14, remote attackers could obtain potentially sensitive information from exception messages, or exploit reflected XSS on the error handler page in non-debug mode. | 7.5 |
| 2018-01-22 | CVE-2018-6002 | Cross-site Scripting vulnerability in Webartisan Soundy Background Music The Soundy Background Music plugin 3.9 and below for WordPress has Cross-Site Scripting via soundy-background-music\templates\front-end.php (war_soundy_preview parameter). | 6.1 |
| 2018-01-22 | CVE-2018-6001 | Cross-site Scripting vulnerability in Webartisan Soundy Audio Playlist The Soundy Audio Playlist plugin 4.6 and below for WordPress has Cross-Site Scripting via soundy-audio-playlist\templates\front-end.php (war_sdy_pl_preview parameter). | 6.1 |
| 2018-01-22 | CVE-2018-1045 | Cross-site Scripting vulnerability in Moodle In Moodle 3.x, there is XSS via a calendar event name. | 5.4 |
| 2018-01-22 | CVE-2018-5962 | Cross-site Scripting vulnerability in Control-Webpanel Webpanel index.php in CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the id parameter to the phpini_editor module or the email_address parameter to the mail_add-new module. | 6.1 |
| 2018-01-22 | CVE-2018-5961 | Cross-site Scripting vulnerability in Control-Webpanel Webpanel CentOS-WebPanel.com (aka CWP) CentOS Web Panel through v0.9.8.12 has XSS via the `module` value of the `index.php` file. | 6.1 |
| 2018-01-19 | CVE-2017-12097 | Cross-site Scripting vulnerability in Delayed JOB web Project Delayed JOB web 1.4 An exploitable cross site scripting (XSS) vulnerability exists in the filter functionality of the delayed_job_web rails gem version 1.4. | 6.1 |
| 2018-01-19 | CVE-2017-14096 | Cross-site Scripting vulnerability in Trendmicro Smart Protection Server A stored cross site scripting (XSS) vulnerability in Trend Micro Smart Protection Server (Standalone) versions 3.2 and below could allow an attacker to execute a malicious payload on vulnerable systems. | 6.1 |
| 2018-01-19 | CVE-2017-12098 | Cross-site Scripting vulnerability in Rails Admin Project Rails Admin 1.2.0 An exploitable cross site scripting (XSS) vulnerability exists in the add filter functionality of the rails_admin rails gem version 1.2.0. | 6.1 |
| 2018-01-18 | CVE-2015-9251 | Cross-site Scripting vulnerability in multiple products jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. | 6.1 |