Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-12-28 | CVE-2017-17954 | Cross-site Scripting vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the seller-view.php usid parameter. | 6.1 |
| 2017-12-28 | CVE-2017-17953 | Cross-site Scripting vulnerability in PHP Multivendor Ecommerce Project PHP Multivendor Ecommerce PHP Scripts Mall PHP Multivendor Ecommerce has XSS via the category.php chid1 parameter. | 6.1 |
| 2017-12-28 | CVE-2017-17949 | Cross-site Scripting vulnerability in Cells Blog 3.5 Cells Blog 3.5 has XSS via the pub_readpost.php fmid parameter. | 6.1 |
| 2017-12-28 | CVE-2017-17948 | Cross-site Scripting vulnerability in Cells Blog 3.5 Cells Blog 3.5 has XSS via the jfdname parameter in an act=showpic request. | 6.1 |
| 2017-12-28 | CVE-2017-15892 | Cross-site Scripting vulnerability in Synology Chat Multiple cross-site scripting (XSS) vulnerabilities in Slash Command Creator in Synology Chat before 2.0.0-1124 allow remote authenticated users to inject arbitrary web script or HTML via (1) COMMAND, (2) COMMANDS INSTRUCTION, or (3) DESCRIPTION parameter. | 5.4 |
| 2017-12-28 | CVE-2017-17940 | Cross-site Scripting vulnerability in Single Theater Booking Script Project Single Theater Booking Script 3.2.2 PHP Scripts Mall Single Theater Booking has XSS via the title parameter to admin/sitesettings.php. | 4.8 |
| 2017-12-28 | CVE-2017-17938 | Cross-site Scripting vulnerability in Single Theater Booking Script Project Single Theater Booking Script 3.2.2 PHP Scripts Mall Single Theater Booking has XSS via the admin/viewtheatre.php theatreid parameter. | 4.8 |
| 2017-12-28 | CVE-2017-17937 | Cross-site Scripting vulnerability in Vanguard Project Marketplace Digital products PHP Vanguard Marketplace Digital Products PHP has XSS via the phps_query parameter to /search. | 6.1 |
| 2017-12-27 | CVE-2015-7668 | Cross-site Scripting vulnerability in Easy2Map Cross-site scripting (XSS) vulnerability in includes/MapPinImageSave.php in the Easy2Map plugin before 1.3.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the map_id parameter. | 6.1 |
| 2017-12-27 | CVE-2015-7667 | Cross-site Scripting vulnerability in Web-Mv Resads 1.0/1.0.1 Multiple cross-site scripting (XSS) vulnerabilities in (1) templates/admanagement/admanagement.php and (2) templates/adspot/adspot.php in the ResAds plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the page parameter. | 6.1 |