Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2018-01-18 CVE-2018-5773 Cross-site Scripting vulnerability in Python-Markdown2 Project Python-Markdown2
An issue was discovered in markdown2 (aka python-markdown2) through 2.3.5.
4.3
2018-01-18 CVE-2017-16863 Cross-site Scripting vulnerability in Atlassian Jira
The PieChart gadget in Atlassian Jira before version 7.5.3 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability through the name of a project or filter.
network
atlassian CWE-79
4.3
2018-01-18 CVE-2017-15869 Cross-site Scripting vulnerability in Livezilla
Cross-site scripting (XSS) vulnerability in knowledgebase.php in LiveZilla before 7.0.8.9 allows remote attackers to inject arbitrary web script or HTML via the search-for parameter.
network
livezilla CWE-79
4.3
2018-01-18 CVE-2018-0098 Cross-site Scripting vulnerability in Cisco Wap150 Firmware and Wap361 Firmware
A vulnerability in the web-based management interface of Cisco WAP150 Wireless-AC/N Dual Radio Access Point with Power over Ethernet (PoE) and WAP361 Wireless-AC/N Dual Radio Wall Plate Access Point with PoE could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
cisco CWE-79
4.3
2018-01-18 CVE-2018-0093 Cross-site Scripting vulnerability in Cisco web Security Appliance
A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
cisco CWE-79
4.3
2018-01-18 CVE-2018-0091 Cross-site Scripting vulnerability in Cisco Identity Services Engine
A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an unauthenticated, remote attacker to conduct a Document Object Model (DOM) cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device.
network
cisco CWE-79
4.3
2018-01-18 CVE-2017-12307 Cross-site Scripting vulnerability in Cisco products
A vulnerability in the web framework of Cisco Small Business Managed Switches software could allow an unauthenticated, remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the web interface of an affected system.
network
cisco CWE-79
4.3
2018-01-16 CVE-2017-17947 Cross-site Scripting vulnerability in Pulsesecure Pulse Connect Secure
A cross site scripting issue has been found in custompage.cgi in Pulse Secure Pulse Connect Secure (PCS) before 8.0R17.0, 8.1.x before 8.1R13, 8.2.x before 8.2R9, and 8.3.x before 8.3R3 and Pulse Policy Secure (PPS) before 5.2R10, 5.3.x before 5.3R9, and 5.4.x before 5.4R3 due to one of the URL parameters not being sanitized.
3.5
2018-01-16 CVE-2018-5715 Cross-site Scripting vulnerability in Sugarcrm 3.5.1
phprint.php in SugarCRM 3.5.1 has XSS via a parameter name in the query string (aka a $key variable).
network
sugarcrm CWE-79
4.3
2018-01-16 CVE-2018-5370 Cross-site Scripting vulnerability in Bizlogicdev Xnami 1.0
BizLogic xnami 1.0 has XSS via the comment parameter in an addComment action to the /media/ajax URI.
4.3