Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-01-02 CVE-2017-1000443 Cross-site Scripting vulnerability in Openhacker Project Openhacker 0.1.47
Eleix Openhacker version 0.1.47 is vulnerable to a XSS vulnerability in the bank transactions component resulting in arbitrary code execution in the browser.
network
low complexity
openhacker-project CWE-79
6.1
6.1
2018-01-02 CVE-2017-1000442 Cross-site Scripting vulnerability in Passbolt API
Passbolt API version 1.6.4 and older are vulnerable to a XSS in the url field on the password workspace
network
low complexity
passbolt CWE-79
5.4
5.4
2018-01-02 CVE-2017-18015 Cross-site Scripting vulnerability in Wp-Unit Share This Image
The ILLID Share This Image plugin before 1.04 for WordPress has XSS via the sharer.php url parameter.
network
low complexity
wp-unit CWE-79
6.1
6.1
2018-01-01 CVE-2017-18012 Cross-site Scripting vulnerability in Z-Url Preview Project Z-Url Preview 1.6.1
The Z-URL Preview plugin 1.6.1 for WordPress has XSS via the class.zlinkpreview.php url parameter.
network
low complexity
z-url-preview-project CWE-79
6.1
6.1
2018-01-01 CVE-2017-18011 Cross-site Scripting vulnerability in Clickbank Affiliate ADS for Clickbank products
The MyCBGenie Affiliate Ads for Clickbank Products plugin through 1.6 for WordPress has XSS via the text_ads_ajax.php border_color parameter.
network
low complexity
clickbank CWE-79
6.1
6.1
2018-01-01 CVE-2017-18010 Cross-site Scripting vulnerability in E-Goi Smart Marketing SMS and Newsletters Forms
The E-goi Smart Marketing SMS and Newsletters Forms plugin before 2.0.0 for WordPress has XSS via the admin/partials/custom/egoi-for-wp-form_egoi.php url parameter.
network
low complexity
e-goi CWE-79
6.1
6.1
2018-01-01 CVE-2017-18006 Cross-site Scripting vulnerability in Extensis Portfolio Netpublish
netpub/server.np in Extensis Portfolio NetPublish has XSS in the quickfind parameter, aka Open Bug Bounty ID OBB-290447.
network
low complexity
extensis CWE-79
6.1
6.1
2017-12-31 CVE-2017-18004 Cross-site Scripting vulnerability in Zurmo CRM 3.2.3
Zurmo 3.2.3 allows XSS via the latitude or longitude parameter to maps/default/mapAndPoint.
network
low complexity
zurmo CWE-79
5.4
5.4
2017-12-30 CVE-2016-10704 Cross-site Scripting vulnerability in Magento
Magento Community Edition and Enterprise Edition before 2.0.10 and 2.1.x before 2.1.2 have XSS via e-mail templates that are mishandled during a preview, aka APPSEC-1503.
network
low complexity
magento CWE-79
6.1
6.1
2017-12-30 CVE-2017-17089 Cross-site Scripting vulnerability in Webmin
custom/run.cgi in Webmin before 1.870 allows remote authenticated administrators to conduct XSS attacks via the description field in the custom command functionality.
network
low complexity
webmin CWE-79
4.8
4.8