Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2017-12-27 CVE-2015-7666 Cross-site Scripting vulnerability in Codepeople Payment Form for Paypal PRO 1.0.1
Multiple cross-site scripting (XSS) vulnerabilities in the (1) cp_updateMessageItem and (2) cp_deleteMessageItem functions in cp_ppp_admin_int_message_list.inc.php in the Payment Form for PayPal Pro plugin before 1.0.2 for WordPress allow remote attackers to inject arbitrary web script or HTML via the cal parameter.
network
low complexity
codepeople CWE-79
6.1
2017-12-27 CVE-2015-7324 Cross-site Scripting vulnerability in Stackideas Komento
Multiple cross-site scripting (XSS) vulnerabilities in helpers/comment.php in the StackIdeas Komento (com_komento) component before 2.0.5 for Joomla! allow remote attackers to inject arbitrary web script or HTML via the (1) img or (2) url tag of a new comment.
network
low complexity
stackideas CWE-79
6.1
2017-12-27 CVE-2017-16768 Cross-site Scripting vulnerability in Synology Mailplus Server
Cross-site scripting (XSS) vulnerability in User Policy editor in Synology MailPlus Server before 1.4.0-0415 allows remote authenticated users to inject arbitrary HTML via the name parameter.
network
low complexity
synology CWE-79
4.8
2017-12-27 CVE-2017-17929 Cross-site Scripting vulnerability in Ordermanagementscript Professional Service Script
PHP Scripts Mall Professional Service Script has XSS via the admin/bannerview.php view parameter.
network
low complexity
ordermanagementscript CWE-79
4.8
2017-12-27 CVE-2017-17925 Cross-site Scripting vulnerability in Ordermanagementscript Professional Service Script
PHP Scripts Mall Professional Service Script has XSS via the admin/general_settingupd.php website_title parameter.
network
low complexity
ordermanagementscript CWE-79
4.8
2017-12-27 CVE-2017-17911 Cross-site Scripting vulnerability in Archon 3.21
packages/core/contact.php in Archon 3.21 rev-1 has XSS in the referer parameter in an index.php?p=core/contact request, aka Open Bug Bounty ID OBB-278503.
network
low complexity
archon CWE-79
6.1
2017-12-27 CVE-2017-17909 Cross-site Scripting vulnerability in Responsive Realestate Script Project Responsive Realestate Script 3.3.3
PHP Scripts Mall Responsive Realestate Script has XSS via the admin/general.php gplus parameter.
4.8
2017-12-27 CVE-2017-17907 Cross-site Scripting vulnerability in CAR Rental Script Project CAR Rental Script 2.0.8
PHP Scripts Mall Car Rental Script has XSS via the admin/areaedit.php carid parameter or the admin/sitesettings.php websitename parameter.
network
low complexity
car-rental-script-project CWE-79
6.1
2017-12-27 CVE-2017-17904 Cross-site Scripting vulnerability in Fortunescripts Lynda Clone 1.0
FS Lynda Clone has XSS via the keywords parameter to tutorial/ or the edit_profile_first_name parameter to user/edit_profile.
network
low complexity
fortunescripts CWE-79
5.4
2017-12-27 CVE-2017-17896 Cross-site Scripting vulnerability in Basic JOB Site Script Project Basic JOB Site Script
Readymade Job Site Script has XSS via the keyword parameter to the /job URI.
network
low complexity
basic-job-site-script-project CWE-79
6.1