Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-30 | CVE-2017-17986 | Cross-site Scripting vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3 PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/caste_view.php comm_id parameter. | 4.8 |
| 2017-12-30 | CVE-2017-17985 | Cross-site Scripting vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3 PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/state_view.php cou_id parameter. | 4.8 |
| 2017-12-30 | CVE-2017-17984 | Cross-site Scripting vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3 PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/event_edit.php edit_id parameter. | 4.8 |
| 2017-12-30 | CVE-2017-17981 | Cross-site Scripting vulnerability in Muslim Matrimonial Script Project Muslim Matrimonial Script 3.0.3 PHP Scripts Mall Muslim Matrimonial Script has XSS via the admin/slider_edit.php edit_id parameter. | 5.4 |
| 2017-12-29 | CVE-2017-17971 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 6.0.4 The test_sql_and_script_inject function in htdocs/main.inc.php in Dolibarr ERP/CRM 6.0.4 blocks some event attributes but neither onclick nor onscroll, which allows XSS. | 6.1 |
| 2017-12-29 | CVE-2017-17933 | Cross-site Scripting vulnerability in Netwin Surgeftp 23F2 cgi/surgeftpmgr.cgi (aka the Web Manager interface on TCP port 7021 or 9021) in NetWin SurgeFTP version 23f2 has XSS via the classid, domainid, or username parameter. | 6.1 |
| 2017-12-29 | CVE-2017-16876 | Cross-site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in the _keyify function in mistune.py in Mistune before 0.8.1 allows remote attackers to inject arbitrary web script or HTML by leveraging failure to escape the "key" argument. | 6.1 |
| 2017-12-28 | CVE-2017-17958 | Cross-site Scripting vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the my_wishlist.php fid parameter. | 6.1 |
| 2017-12-28 | CVE-2017-17956 | Cross-site Scripting vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the admin/sellerupd.php companyname parameter. | 6.1 |
| 2017-12-28 | CVE-2017-17955 | Cross-site Scripting vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the shopping-cart.php cusid parameter. | 6.1 |