Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2024-03-13 CVE-2018-25090 An unauthenticated remote attacker can use an XSS attack due to improper neutralization of input during web page generation.
network
low complexity
CWE-79
5.4
5.4
2024-03-01 CVE-2023-28525 Cross-site Scripting vulnerability in IBM products
IBM Engineering Requirements Management 9.7.2.7 is vulnerable to cross-site scripting.
network
low complexity
ibm CWE-79
4.8
4.8
2024-02-22 CVE-2024-1451 Cross-site Scripting vulnerability in Gitlab 16.9.0
An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.9 before 16.9.1.
network
low complexity
gitlab CWE-79
8.7
8.7
2024-02-21 CVE-2022-45179 Cross-site Scripting vulnerability in Liveboxcloud Vdesk
An issue was discovered in LIVEBOX Collaboration vDesk through v031.
network
low complexity
liveboxcloud CWE-79
5.4
5.4
2024-02-20 CVE-2024-1647 Pyhtml2pdf version 0.0.6 allows an external attacker to remotely obtain arbitrary local files.
network
low complexity
CWE-79
7.5
7.5
2024-02-17 CVE-2024-25297 Cross-site Scripting vulnerability in Bludit 3.15.0
Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15, allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php.
network
low complexity
bludit CWE-79
4.8
4.8
2024-02-15 CVE-2023-26206 Cross-site Scripting vulnerability in Fortinet Fortinac
An improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiNAC 9.4.0 - 9.4.2, 9.2.0 - 9.2.8, 9.1.0 - 9.1.10 and 7.2.0 allows an attacker to execute unauthorized code or commands via the name fields observed in the policy audit logs.
network
low complexity
fortinet CWE-79
6.1
6.1
2024-02-15 CVE-2024-20717 Cross-site Scripting vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields.
network
low complexity
adobe CWE-79
5.4
5.4
2024-02-15 CVE-2024-20719 Cross-site Scripting vulnerability in Adobe Commerce 2.4.4/2.4.5/2.4.6
Adobe Commerce versions 2.4.6-p3, 2.4.5-p5, 2.4.4-p6 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an admin attacker to inject malicious scripts into every admin page.
network
low complexity
adobe CWE-79
critical
 9.1
9.1
2024-02-14 CVE-2024-25300 Cross-site Scripting vulnerability in Redaxo 5.15.1
A cross-site scripting (XSS) vulnerability in Redaxo v5.15.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Name parameter in the Template section.
network
low complexity
redaxo CWE-79
4.8
4.8