Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-01-12 CVE-2017-14594 Cross-site Scripting vulnerability in Atlassian Jira
The printable searchrequest issue resource in Atlassian Jira before version 7.2.12 and from version 7.3.0 before 7.6.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the jqlQuery query parameter.
network
low complexity
atlassian CWE-79
6.1
6.1
2018-01-12 CVE-2018-5376 Cross-site Scripting vulnerability in Discuz Discuzx 3.4
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.
network
low complexity
discuz CWE-79
6.1
6.1
2018-01-12 CVE-2018-5375 Cross-site Scripting vulnerability in Discuz Discuzx X3.4
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action.
network
low complexity
discuz CWE-79
6.1
6.1
2018-01-12 CVE-2018-5369 Cross-site Scripting vulnerability in Srbtranslatin Project Srbtranslatin 1.46
The SrbTransLatin plugin 1.46 for WordPress has XSS via an srbtranslatoptions action to wp-admin/options-general.php with a lang_identificator parameter.
network
low complexity
srbtranslatin-project CWE-79
4.8
4.8
2018-01-12 CVE-2018-5367 Cross-site Scripting vulnerability in Wpglobus 1.9.6
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter to wp-admin/options.php.
network
low complexity
wpglobus CWE-79
4.8
4.8
2018-01-12 CVE-2018-5366 Cross-site Scripting vulnerability in Wpglobus 1.9.6
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[more_languages] parameter to wp-admin/options.php.
network
low complexity
wpglobus CWE-79
4.8
4.8
2018-01-12 CVE-2018-5365 Cross-site Scripting vulnerability in Wpglobus 1.9.6
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[selector_wp_list_pages][show_selector] parameter to wp-admin/options.php.
network
low complexity
wpglobus CWE-79
4.8
4.8
2018-01-12 CVE-2018-5364 Cross-site Scripting vulnerability in Wpglobus 1.9.6
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_by_language] parameter to wp-admin/options.php.
network
low complexity
wpglobus CWE-79
4.8
4.8
2018-01-12 CVE-2018-5363 Cross-site Scripting vulnerability in Wpglobus 1.9.6
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[enabled_languages][en] or wpglobus_option[enabled_languages][fr] (or any other language) parameter to wp-admin/options.php.
network
low complexity
wpglobus CWE-79
4.8
4.8
2018-01-12 CVE-2018-5362 Cross-site Scripting vulnerability in Wpglobus 1.9.6
The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter to wp-admin/options.php.
network
low complexity
wpglobus CWE-79
4.8
4.8