Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-04 | CVE-2018-5215 | Cross-site Scripting vulnerability in Fork-Cms Fork CMS 5.0.7 Fork CMS 5.0.7 has XSS in /private/en/pages/edit via the title parameter. | 5.4 |
| 2018-01-04 | CVE-2018-5214 | Cross-site Scripting vulnerability in ADD Link to Facebook Project ADD Link to Facebook The "Add Link to Facebook" plugin through 2.3 for WordPress has XSS via the al2fb_facebook_id parameter to wp-admin/profile.php. | 5.4 |
| 2018-01-04 | CVE-2018-5213 | Cross-site Scripting vulnerability in Simple Download Monitor Project Simple Download Monitor 3.5.4 The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload (aka Downloadable File) parameter in an edit action to wp-admin/post.php. | 5.4 |
| 2018-01-04 | CVE-2018-5212 | Cross-site Scripting vulnerability in Simple Download Monitor Project Simple Download Monitor 3.5.4 The Simple Download Monitor plugin before 3.5.4 for WordPress has XSS via the sdm_upload_thumbnail (aka File Thumbnail) parameter in an edit action to wp-admin/post.php. | 5.4 |
| 2018-01-04 | CVE-2017-1673 | Cross-site Scripting vulnerability in IBM Security KEY Lifecycle Manager IBM Tivoli Key Lifecycle Manager 2.5, 2.6, and 2.7 is vulnerable to cross-site scripting. | 6.1 |
| 2018-01-04 | CVE-2017-17837 | Cross-site Scripting vulnerability in Apache Deltaspike 1.8.0 The Apache DeltaSpike-JSF 1.8.0 module has a XSS injection leak in the windowId handling. | 6.1 |
| 2018-01-04 | CVE-2018-1190 | Cross-site Scripting vulnerability in multiple products An issue was discovered in these Pivotal Cloud Foundry products: all versions prior to cf-release v270, UAA v3.x prior to v3.20.2, and UAA bosh v30.x versions prior to v30.8 and all other versions prior to v45.0. | 6.1 |
| 2018-01-04 | CVE-2017-14383 | Cross-site Scripting vulnerability in Dell EMC Vnx1 Firmware and EMC Vnx2 Firmware In Dell EMC VNX2 versions prior to Operating Environment for File 8.1.9.217 and VNX1 versions prior to Operating Environment for File 7.1.80.8, a web server error page in VNX Control Station is impacted by a reflected cross-site scripting vulnerability. | 6.1 |
| 2018-01-03 | CVE-2018-5078 | Cross-site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script Online Ticket Booking has XSS via the admin/eventlist.php cast parameter. | 4.8 |
| 2018-01-03 | CVE-2018-5077 | Cross-site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script Online Ticket Booking has XSS via the admin/movieedit.php moviename parameter. | 4.8 |