Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-08 | CVE-2018-5281 | Cross-site Scripting vulnerability in Sonicwall Sonicos SonicWall SonicOS on Network Security Appliance (NSA) 2017 Q4 devices has XSS via the CFS Custom Category and Cloud AV DB Exclusion Settings screens. | 5.4 |
| 2018-01-08 | CVE-2018-5280 | Cross-site Scripting vulnerability in Sonicwall Sonicos SonicWall SonicOS on Network Security Appliance (NSA) 2016 Q4 devices has XSS via the Configure SSO screens. | 5.4 |
| 2018-01-08 | CVE-2018-5293 | Cross-site Scripting vulnerability in GD Rating System Project GD Rating System 2.3 The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. | 6.1 |
| 2018-01-08 | CVE-2018-5292 | Cross-site Scripting vulnerability in GD Rating System Project GD Rating System 2.3 The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-information page. | 6.1 |
| 2018-01-08 | CVE-2018-5288 | Cross-site Scripting vulnerability in GD Rating System Project GD Rating System 2.3 The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. | 6.1 |
| 2018-01-08 | CVE-2018-5286 | Cross-site Scripting vulnerability in GD Rating System Project GD Rating System 2.3 The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page. | 6.1 |
| 2018-01-08 | CVE-2018-5284 | Cross-site Scripting vulnerability in Wpscoop Imageinject 1.15 The ImageInject plugin 1.15 for WordPress has XSS via the flickr_appid parameter to wp-admin/options-general.php. | 4.8 |
| 2018-01-08 | CVE-2018-5071 | Cross-site Scripting vulnerability in Cobham SEA TEL 116 Firmware 222429 Persistent XSS exists in the web server on Cobham Sea Tel 116 build 222429 satellite communication system devices: remote attackers can inject malicious JavaScript code using the device's TELNET shell built-in commands, as demonstrated by the "set ship name" command. | 5.4 |
| 2018-01-05 | CVE-2018-5249 | Cross-site Scripting vulnerability in Shaarli Project Shaarli Cross-site scripting (XSS) vulnerability in Shaarli before 0.8.5 and 0.9.x before 0.9.3 allows remote attackers to inject arbitrary code via the login form's username field (aka the login parameter to the ban_canLogin function in index.php). | 6.1 |
| 2018-01-04 | CVE-2018-5216 | Cross-site Scripting vulnerability in Radiantcms Radiant CMS 1.1.4 Radiant CMS 1.1.4 has XSS via crafted Markdown input in the part_body_content parameter to an admin/pages/*/edit resource. | 5.4 |