Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-31 | CVE-2023-52269 | Cross-site Scripting vulnerability in Mdaemon Securitygateway 9.0.3 MDaemon SecurityGateway through 9.0.3 allows XSS via a crafted Message Content Filtering rule. | 4.8 |
| 2023-12-30 | CVE-2023-52264 | Cross-site Scripting vulnerability in Thirtybees Bees Blog The beesblog (aka Bees Blog) component before 1.6.2 for thirty bees allows Reflected XSS because controllers/front/post.php sharing_url is mishandled. | 6.1 |
| 2023-12-30 | CVE-2023-52265 | Cross-site Scripting vulnerability in Idurarapp Idurar 1.0.0/2.0.0/2.0.1 IDURAR (aka idurar-erp-crm) through 2.0.1 allows stored XSS via a PATCH request with a crafted JSON email template in the /api/email/update data. | 5.4 |
| 2023-12-30 | CVE-2023-50550 | Cross-site Scripting vulnerability in Layui layui up to v2.74 was discovered to contain a cross-site scripting (XSS) vulnerability via the data-content parameter. | 5.4 |
| 2023-12-30 | CVE-2023-52257 | Cross-site Scripting vulnerability in Logobee 0.2 LogoBee 0.2 allows updates.php?id= XSS. | 6.1 |
| 2023-12-29 | CVE-2023-52240 | Cross-site Scripting vulnerability in Kantega-Sso Kantega Saml SSO Oidc Kerberos Single Sign-On The Kantega SAML SSO OIDC Kerberos Single Sign-on apps before 6.20.0 for Atlassian products allow XSS if SAML POST Binding is enabled. | 6.1 |
| 2023-12-29 | CVE-2023-50069 | Cross-site Scripting vulnerability in Wiremock 3.0.4/3.1.0/3.2.0 WireMock with GUI versions 3.2.0.0 through 3.0.4.0 are vulnerable to stored cross-site scripting (SXSS) through the recording feature. | 6.1 |
| 2023-12-29 | CVE-2023-7113 | Cross-site Scripting vulnerability in Mattermost Server Mattermost version 8.1.6 and earlier fails to sanitize channel mention data in posts, which allows an attacker to inject markup in the web client. | 6.1 |
| 2023-12-29 | CVE-2023-41813 | Cross-site Scripting vulnerability in Pandorafms Pandora FMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). Allows you to edit the Web Console user notification options. This issue affects Pandora FMS: from 700 through 774. | 6.1 |
| 2023-12-29 | CVE-2023-41814 | Cross-site Scripting vulnerability in Pandorafms Pandora FMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). | 6.1 |