Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-01-03 | CVE-2017-1000492 | Cross-site Scripting vulnerability in Leanote Desktop 2.5 Leanote-desktop version v2.5 is vulnerable to a XSS which leads to code execution due to enabled node integration | 6.1 |
| 2018-01-03 | CVE-2017-1000491 | Cross-site Scripting vulnerability in Shiba Project Shiba 1.1.0 Shiba markdown live preview app version 1.1.0 is vulnerable to XSS which leads to code execution due to enabled node integration. | 6.1 |
| 2018-01-03 | CVE-2017-1000466 | Cross-site Scripting vulnerability in Invoiceninja Invoice Ninja 3.8.1 Invoice Ninja version 3.8.1 is vulnerable to stored cross-site scripting vulnerability, within the invoice creation page, which can result in disruption of service and execution of javascript code. | 5.4 |
| 2018-01-03 | CVE-2017-1000463 | Cross-site Scripting vulnerability in Leafpub 1.2.0 Leafpub version 1.2.0-beta6 is vulnerable to stored cross-site scripting vulnerability, within the edit blog post page, which can result in disruption of service and execution of javascript code. | 5.4 |
| 2018-01-03 | CVE-2017-1000459 | Cross-site Scripting vulnerability in Leanote Leanote version <= 2.5 is vulnerable to XSS due to not sanitized input in markdown notes | 6.1 |
| 2018-01-02 | CVE-2017-1000427 | Cross-site Scripting vulnerability in Marked Project Marked marked version 0.3.6 and earlier is vulnerable to an XSS attack in the data: URI parser. | 6.1 |
| 2018-01-02 | CVE-2017-1000425 | Cross-site Scripting vulnerability in Liferay Portal Cross-site scripting (XSS) vulnerability in the /html/portal/flash.jsp page in Liferay Portal CE 7.0 GA4 and older allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the "movie" parameter. | 6.1 |
| 2018-01-02 | CVE-2017-1000426 | Cross-site Scripting vulnerability in Omniscale Mapproxy MapProxy version 1.10.3 and older is vulnerable to a Cross Site Scripting attack in the demo service resulting in possible information disclosure. | 6.1 |
| 2018-01-02 | CVE-2017-1000431 | Cross-site Scripting vulnerability in EZ Publish eZ Systems eZ Publish version 5.4.0 to 5.4.9, and 5.3.12 and older, is vulnerable to an XSS issue in the search module, resulting in a risk of attackers injecting scripts which may e.g. | 6.1 |
| 2018-01-02 | CVE-2017-1000457 | Cross-site Scripting vulnerability in Mojoportal 2.5.0.0 Cross-site scripting (XSS) vulnerability in Help.aspx in mojoPortal version 2.5.0.0 allows remote attackers to inject arbitrary web script or HTML via the helpkey parameter. | 4.8 |