Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE	CVE	VULNERABILITY TITLE	RISK
2018-01-03	CVE-2018-5076	Cross-site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script Online Ticket Booking has XSS via the admin/newsedit.php newstitle parameter. network low complexity advanced-real-estate-script-project CWE-79	4.8
2018-01-03	CVE-2018-5075	Cross-site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script Online Ticket Booking has XSS via the admin/snacks_edit.php snacks_name parameter. network low complexity advanced-real-estate-script-project CWE-79	4.8
2018-01-03	CVE-2018-5074	Cross-site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script Online Ticket Booking has XSS via the admin/manageownerlist.php contact parameter. network low complexity advanced-real-estate-script-project CWE-79	4.8
2018-01-03	CVE-2018-5072	Cross-site Scripting vulnerability in Advanced Real Estate Script Project Advanced Real Estate Script Online Ticket Booking has XSS via the admin/sitesettings.php keyword parameter. network low complexity advanced-real-estate-script-project CWE-79	4.8
2018-01-03	CVE-2017-1000462	Cross-site Scripting vulnerability in Bookstackapp Bookstack 0.18.4 BookStack version 0.18.4 is vulnerable to stored cross-site scripting, within the page creation page, which can result in disruption of service and execution of javascript code. network low complexity bookstackapp CWE-79	5.4
2018-01-03	CVE-2017-1000482	Cross-site Scripting vulnerability in Plone A member of the Plone 2.5-5.1rc1 site could set javascript in the home_page property of his profile, and have this executed when a visitor click the home page link on the author page. network low complexity plone CWE-79	5.4
2018-01-03	CVE-2017-1000478	Cross-site Scripting vulnerability in Elabftw 1.7.8 ELabftw version 1.7.8 is vulnerable to stored cross-site scripting in the experiment infos component resulting in arbitrary execution of JavaScript and denial of service. network low complexity elabftw CWE-79	5.4
2018-01-03	CVE-2017-1000488	Cross-site Scripting vulnerability in multiple products Mautic version 2.1.0 - 2.11.0 is vulnerable to an inline JS XSS attack when using Mautic forms on a Mautic landing page using GET parameters to pre-populate the form. network low complexity mautic acquia CWE-79	6.1
2018-01-03	CVE-2017-1000467	Cross-site Scripting vulnerability in Lavalite 5.2.4 LavaLite version 5.2.4 is vulnerable to stored cross-site scripting vulnerability, within the blog creation page, which can result in disruption of service and execution of javascript code. network low complexity lavalite CWE-79	5.4
2018-01-03	CVE-2017-1000495	Cross-site Scripting vulnerability in Quickappscms Quickapps CMS 2.0.0 QuickApps CMS version 2.0.0 is vulnerable to Stored Cross-site Scripting in the user's real name field resulting in denial of service and performing unauthorised actions with an administrator user's account network low complexity quickappscms CWE-79	5.4