XSS - Prevention - POST : suspicious 'div' tag found in data


Description   Tags that allow active code to execute should not be permitted in form data. Cross-site scripting (XSS) attacks can cause a user's browser to execute injected code.
This code, which is included in the targeted web page and executed on the user's computer, can be used to steal session cookies and can also allow a malicious user to authenticate as a legitimate user on a vulnerable site.
Before version 9.0.0, this signature was available in the [http:client] context.
     
Default configuration

Profiles      High    Medium   Low      Internet
Action        Block   Block    Pass     Pass
Alarm Level   Minor   Minor    Ignore   Minor
     
References  
     
Available since   ASQ v5.0.0
     
Protects   WSO2 Identity Server Multiple Stored Cross-Site Scripting Vulnerabilities Fixed by 5.5.0
Kodi (XBMC) Stored Cross-Site Scripting Vulnerability
Joomla Third-Party Plugins Multiple Vulnerabilities
Liferay Portal Multiple Vulnerabilities
Wordpress Themes Multiple Cross-Site Scripting Vulnerabilities
Fortinet FortiOS Multiple Cross-Site Scripting Vulnerabilities Fixed by 5.6.1
PHPMailer Cross-Site Scripting Vulnerability Fixed by 5.2.24
Cacti Multiple Vulnerabilities
WordPress Third-Party Plugins Multiple Vulnerabilities
ZoneMinder "postlogin.js.php" Cross-Site Scripting Vulnerability Fixed by 1.30.2
phpipam Multiple Cross-Site Scripting Vulnerabilities
TYPO3 Third-Party Components Multiple Cross-Site Scripting Vulnerabilities
WordPress Third-Party Plugins Multiple Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
ZoneMinder Multiple Vulnerabilities
WordPress Third-Party Plugins Multiple Vulnerabilities
WordPress Third-Party Plugins Multiple Vulnerabilities
ZoneMinder Information Disclosure Vulnerability
WordPress Third-Party Plugins Multiple Vulnerabilities
Atlassian Confluence JIRA Stored Cross-Site Scripting Vulnerability
WordPress Third-Party Plugins Multiple Vulnerabilities
WordPress Third-Party Plugins Multiple Vulnerabilities
Cisco Identity Services Engine Cross-Site Scripting Vulnerability
WordPress Third-Party Modules Multiple Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
MoinMoin Multiple Cross-Site Scripting Vulnerabilities Fixed by 1.9.9
WordPress Third-Party Modules Multiple Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
Adobe Connect Cross-Site Scripting Vulnerability Fixed by 9.5.7
Nagios XI Multiple Vulnerabilities Fixed by 5.3.0
Wordpress Multiple Third Party Plugins Vulnerabilities
WordPress Third-Party Plugins Multiple Vulnerabilities
WordPress Third Party Modules Multiple Vulnerabilities
ownCloud Gallery Application Stored Cross-Site Scripting Vulnerability Fixed by 9.0.4
WordPress Third-Party Modules Multiple Vulnerabilities
Cisco EPC 3925 Multiple Vulnerabilities
WordPress Third Party Modules Multiple Vulnerabilities
Infoblox Network Automation Multiple Vulnerabilities Fixed by 7.1.1
WordPress Third Party Modules Multiple Vulnerabilities
WordPress Third Party Modules Multiple Vulnerabilities
Fortinet FortiManager Cross-Site Scripting Vulnerabilities Fixed by 5.0.11, 5.2.6 and 5.4.0
Fortinet FortiManager Cross-Site Scripting Vulnerability Fixed by 5.0.12, 5.2.6 and 5.4.1
WordPress Third-Party Modules Multiple Vulnerabilities
WordPress Third Party Modules Multiple Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
WordPress Multiple Themes Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
AlienVault USM Multiple Vulnerabilities
WordPress Third-Party Modules Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Vulnerabilities
Wordpress Multiple Third Party Plugins Vulnerabilities
Riverbed SteelCentral NetProfiler Multiple Vulnerabilities Fixed by 10.9.0
Wordpress Multiple Third Party Plugins Vulnerabilities
Joomla Third-Party Plugins Multiple Vulnerabilities
Fortinet FortiManager and FortiAnalyzer XSS Vulnerability Fixed by 5.4.0, 5.2.6 and 5.0.12
Wordpress Cross Site Scripting Vulnerability Fixed by 4.2.2
Cisco Routers Web Interface Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Vulnerabilities
Liferay Cross-site Scripting Vulnerability Fixed by 7.0.0 CE RC1
Wordpress Multiple Third Party Plugins Vulnerabilities
Roundcube Stored Cross-Site Scripting Vulnerability Fixed by 1.2
WordPress Multiple Vulnerabilities Fixed by 4.5.3
phpMyAdmin Multiple Vulnerabilities Fixed by 4.6.2 and 4.4.15.6
Wordpress Multiple Third Party Plugins Vulnerabilities
Wordpress Multiple Third Party Plugins Vulnerabilities
Wordpress Multiple Third Party Plugins Vulnerabilities
Wordpress Multiple Third Party Plugins Vulnerabilities
Wordpress Multiple Third Party Plugins Vulnerabilities
Cisco Unity Connection Web Framework Cross-Site Scripting Vulnerability
SonarQube Multiple Cross-Site Scripting Vulnerabilities Fixed by 4.5.7 and 5.5
Wordpress Multiple Third Party Plugins Cross-site Scripting Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Fortinet FortiManager and FortiAnalyzer Stored Cross-Site Scripting Vulnerability
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
phpMyAdmin Multiple Vulnerabilities Fixed by 4.0.10.15, 4.4.15.4 and 4.5.5.1
Wordpress Themes Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Adminer Login Form Cross-Site Scripting Vulnerability Fixed by 4.2.0
TYPO3 Multiple Vulnerabilities Fixed by 6.2.18 and 7.6.3
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Horde Products Multiple Cross-Site Scripting Vulnerabilities
phpMyAdmin Multiple Vulnerabilities Fixed by 5.1.5
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Typo3 Multiple Cross-Site Scripting Vulnerabilities Fixed by 6.2.16 and 7.6.1
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Dolibarr Multiple Cross-Site Scripting Vulnerabilities Fixed by 3.9
Magento Multiple Vulnerabilities Fixed by CE 1.9.2.3, EE 1.14.2.3 and 2.0.1
Moodle Multiple Vulnerabilities Fixed by 3.0.2, 2.9.4, 2.8.10 and 2.7.12
Dolibarr Multiple Cross Site Scripting Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Bugzilla Multiple Vulnerabilities Fixed by 4.2.16, 4.4.11 and 5.0.2
MediaWiki Multiple Vulnerabilities Fixed by 1.26.1, 1.25.4, 1.24.5 and 1.23.12
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Magento Web Application Service Multiple Vulnerabilities
DotClear Multiple Vulnerabilities Fixed by 2.8.2
TestLink Multiple Vulnerabilities Fixed by 1.9.15
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
MediaWiki Multiple Vulnerabilities Fixed by 1.25.3, 1.24.4 and 1.23.11
TestLink Multiple Vulnerabilities Fixed by 1.9.14
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Liferay Portal Enterprise Edition Stored Cross-Site Scripting Vulnerability
Centreon Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Drupal Third-Party Modules Multiple Vulnerabilities
Moodle Multiple Vulnerabilities Fixed by 2.9, 2.8.6, 2.7.8 and 2.6.11
Wordpress Multiple Vulnerabilities Fixed by 4.3.1
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Magento 'saveIssue' Arbitrary Files Upload Vulnerability
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Cisco Unified Web Interaction Manager Cross-Site Scripting Vulnerability
Roundup Multiple Cross-Site Scripting Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Cisco Finesse Multiple Cross-Site Scripting Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
BIG-IP "echo.jsp" Cross Site Scripting Vulnerability
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Wordpress Multiple Vulnerabilities Fixed by 4.2.3
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Cisco WebEx Meeting Center "returnUrl" Reflected Cross-Site Scripting Vulnerability
Cisco Identity Services Engine Infra Admin User Interface Cross-Site Scripting Vulnerability
Django "simple_tag" Cross-Site Scripting Vulnerability Fixed by 1.9
Wordpress Multiple Third Party Plugins Multiple Vulnerabilities
Cacti Three Vulnerabilities
Cacti Two Cross-Site Scripting Vulnerabilities
Dolibarr HTML Code Injection Vulnerability
WordPress WP Photo Album Plus Plugin Two Script Insertion Vulnerabilities
WordPress Comment Truncation Script Insertion Vulnerability
Dotclear Two Script Insertion Vulnerabilities
WordPress Multiple Vulnerabilities
WordPress Shareaholic Plugin Script Insertion Vulnerability
DokuWiki User Manager Script Insertion Vulnerability
IBM Security Identity Manager / Tivoli Identity Manager Multiple Vulnerabilities
Cisco Unified Web Interaction Manager Cross-Site Scripting Vulnerability
eXtplorer Multiple Cross-Site Scripting Vulnerabilities
WordPress Google Doc Embedder Plugin "profile" Cross-Site Scripting Vulnerability
pfSense Multiple Vulnerabilities
IBM TRIRIGA Application Platform Multiple Vulnerabilities
D-Link DIR-655 Multiple Vulnerabilities
Microsoft Exchange Server Multiple Vulnerabilities
WordPress Bulletproof Security Plugin "dbhost" Cross-Site Scripting Vulnerability
Oracle Solaris Samba SWAT Cross-Site Scripting and Request Forgery Vulnerabilities
Microsoft SharePoint Foundation Script Insertion Vulnerability
Oracle JDeveloper ADF Faces Cross-Site Scripting Vulnerability
WordPress Easy MailChimp Forms Plugin Security Bypass Vulnerability
WordPress NextGEN Gallery Multiple Cross-Site Scripting Vulnerabilities
Pro Chat Rooms Text Chat Room / Pro Chat Rooms Audio/Video Chat Room Cross-Site Scripting and SQL Injection Vulnerabilities
Barracuda Message Archiver Script Insertion Vulnerability
Dolibarr ERP/CRM Multiple Cross-Site Scripting, Script Insertion, and SQL Injection Vulnerabilities
Zurmo "label" Script Insertion Vulnerability
Joomla! JChatSocial Component "filename" Cross-Site Scripting Vulnerability
EMC Documentum eRoom Two Script Insertion Vulnerabilities
Cacti Multiple Vulnerabilities
osTicket "do" Cross-Site Scripting Vulnerability
Trend Micro InterScan Messaging Security Suite / Virtual Appliance "addWhiteListDomainStr" Cross-Site Scripting Vulnerability
Fiyo CMS "name" Cross-Site Scripting Vulnerability
SpiceWorks Two Script Insertion Vulnerabilities
BarracudaDrive Multiple Cross-Site Scripting Vulnerabilities
NULL NUKE Cross-Site Request Forgery and SQL Injection Vulnerabilities
FlatPress "content" Cross-Site Scripting Vulnerability
Cacti Multiple Vulnerabilities
BarracudaDrive Multiple Cross-Site Scripting Vulnerabilities
bloofoxCMS "fileurl" Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
e107 Two Cross-Site Scripting and Script Insertion Vulnerabilities
PyroCMS "email" Cross-Site Scripting Vulnerability
storytlr Two Cross-Site Scripting Vulnerabilities
WordPress Zedity Plugin "zaction" Cross-Site Scripting Vulnerability
WordPress Welcart e-Commerce Plugin Multiple Cross-Site Scripting Vulnerabilities
WordPress VideoWhisper Live Streaming Plugin Multiple Cross-Site Scripting Vulnerabilities
OrangeHRM "empsearch[employee_name][empId]" Cross-Site Scripting Vulnerability
ILIAS "title" Script Insertion Vulnerability
WordPress Alpine PhotoTile For Instagram "general_lightbox_params" Cross-Site Scripting Vulnerability
WordPress Widget Control Powered By Everyblock Plugin "idDropdown" Cross-Site Scripting Vulnerability
PHP Calendar Information Disclosure Weakness and Cross-Site Scripting Vulnerability
Stark CRM Cross-Site Request Forgery and Script Insertion Vulnerabilities
BarracudaDrive Two Cross-Site Scripting Vulnerabilities
D-Link DAP-1320 "html_response_message" Cross-Site Scripting Vulnerability
WordPress FeedWeb Plugin "_wp_http_referer" Cross-Site Scripting Vulnerability
TYPO3 Multiple Cross-Site Scripting Vulnerabilities
ATutor Two Cross-Site Scripting Vulnerabilities
WordPress Banner Rotator / Content Slider Plugin Cross-Site Scripting Vulnerability
WordPress BuddyPress Plugin Script Insertion and Security Bypass Vulnerabilities
Pina CMS Cross-Site Scripting Vulnerability
CTERA Cloud Storage OS Project Folder Description Script Insertion Vulnerability
JAMon Multiple Cross-Site Scripting Vulnerabilities
Collabtive Script Insertion and SQL Injection Vulnerabilities
iScripts MultiCart Script Insertion and Cross-Site Request Forgery Vulnerabilities
Pet Listing Script Cross-Site Scripting and Request Forgery Vulnerabilities
Event Booking Calendar Cross-Site Scripting and Request Forgery Vulnerabilities
Hotel Booking System Cross-Site Scripting and Request Forgery Vulnerabilities
Job Listing Script Cross-Site Scripting and Request Forgery Vulnerabilities
Vacation Packages Listing Cross-Site Scripting and Request Forgery Vulnerabilities
StivaSoft Vacation Rental Script Cross-Site Scripting and Request Forgery Vulnerabilities
StivaSoft Car Rental Script Cross-Site Scripting and Request Forgery Vulnerabilities
Seagate BlackArmor Cross-Site Scripting and Request Forgery Vulnerabilities
WEBCrafted "username" Script Insertion Vulnerability
ZendTo "emailAddr" Script Insertion Vulnerability
Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
Wallpaper script "name" Script Insertion Vulnerability
WordPress Download Manager Plugin "file[title]" Script Insertion Vulnerability
NagiosQL "txtSearch" Cross-Site Scripting Vulnerability
Jamroom Search Module "search_string" Cross-Site Scripting Vulnerability
The Bug Genie File Attachments Script Insertion Vulnerability
The Bug Genie Script Insertion and Cross-Site Scripting Vulnerabilities
QuiXplorer Multiple Cross-Site Scripting Vulnerabilities
WordPress Tweet Blender Plugin "tb_tab_index" Cross-Site Scripting Vulnerability
ImpressPages CMS Multiple Vulnerabilities
Nordex Control 2 Wind Farm Portal "userName" Cross-Site Scripting Vulnerability
CourseMS Cross-Site Scripting and SQL Injection Vulnerabilities
ILIAS Edit Comment "note" Script Insertion Vulnerability
WordPress Quick Paypal Payments Plugin Two Script Insertion Vulnerabilities
WordPress Dexs PM System Plugin "subject" Script Insertion Vulnerability
AdaptCMS "data[Search][q]" Cross-Site Scripting Vulnerability
Wordpress Quick Contact Form Plugin Two Script Insertion Vulnerabilities
SimpleRisk Cross-Site Request Forgery and Script Insertion Vulnerabilities
WordPress Zoom In/Out Slider Plugin Multiple Cross-Site Scripting Vulnerabilities
Microsoft SharePoint Multiple Vulnerabilities
WordPress Simple Login Registration Plugin "username" Cross-Site Scripting Vulnerability
Cacti Script Insertion and SQL Injection Vulnerabilities
Ovidentia Multiple Cross-Site Scripting Vulnerabilities
phpVibe Multiple Cross-Site Scripting Vulnerabilities
Gnew Cross-Site Scripting and SQL Injection Vulnerabilities
Atlassian Confluence "title" and "labelString" Cross-Site Scripting Vulnerabilities
Jahia xCM Multiple Cross-Site Scripting Vulnerabilities
OSSIM Cross-Site Scripting and SQL Injection Vulnerabilities
JM LLC Basic Forum Multiple Vulnerabilities
Saurus CMS Multiple Vulnerabilities
Collabtive Multiple Vulnerabilities
WordPress WooCommerce Plugin "calc_shipping_state" Script Insertion Vulnerability
Dell KACE K1000 System Management Appliance Multiple Vulnerabilities
OpenEMR Script Insertion and SQL Injection Vulnerabilities
McAfee ePolicy Orchestrator Multiple Cross-Site Scripting Vulnerabilities
Alkacon OpenCms Multiple Cross-Site Scripting Vulnerabilities
Kasseler CMS Script Insertion and Cross-Site Request Forgery Vulnerabilities
Sharetronix "email" Cross-Site Scripting Vulnerability
Caucho Resin Two Cross-Site Scripting Vulnerabilities
SweetRice "search" Cross-Site Scripting Vulnerability
Scriptalicious SEO Scripts Pro Multiple Cross-Site Scripting Vulnerabilities
WordPress Spider Catalog Plugin Cross-Site Scripting and SQL Injection Vulnerabilities
WordPress Spider Event Calendar Plugin Security Bypass and Cross-Site Scripting Vulnerabilities
Jojo CMS Cross-Site Scripting and SQL Injection Vulnerabilities
b2evolution "p" Script Insertion Vulnerability
Microsoft Products HTML Sanitisation Component Cross-Site Scripting Vulnerability
OTRS ITSM / FAQ Module Security Bypass and Script Insertion Vulnerabilities
MantisBT "name" Script Insertion Vulnerability
MantisBT "version" Script Insertion Vulnerability
WordPress WP FuneralPress Plugin Multiple Script Insertion Vulnerabilities
Daddy's File Host Two Cross-Site Scripting Vulnerabilities
WordPress FAQs Manager Plugin Cross-Site Request Forgery and "question" Script Insertion Vulnerabilities
WordPress Count per Day Plugin Two Vulnerabilities
WordPress Contact Form Plugin "cntctfrm_contact_email" Cross-Site Scripting Vulnerability
glFusion Multiple Cross-Site Scripting Vulnerabilities
Open Review Script "keyword" Cross-Site Scripting Vulnerability
OpenEMR Multiple Vulnerabilities
WordPress CommentLuv Plugin "_ajax_nonce" Cross-Site Scripting Vulnerability
MantisBT Cross-Site Scripting and Script Insertion Vulnerabilities
phlyMail Lite "go" Redirection Weakness and Multiple Script Insertion Vulnerabilities
E.M.M.A. Multiple Script Insertion Vulnerabilities
Microsoft System Center Operations Manager Cross-Site Scripting Vulnerabilities
MyBB Profile Wii Friend Code Plugin Cross-Site Scripting and SQL Injection Vulnerabilities
Havalite "comment" Script Insertion Vulnerability
WordPress WP Photo Album Plus Plugin "wppa-searchstring" Cross-Site Scripting Vulnerability
MyBB Profile Xbox Live ID Plugin "xli" SQL Injection and Script Insertion Vulnerabilities
MyBB MyTube Plugin "profile_fields[]" Script Insertion Vulnerability
MyBB User Profile Skype ID Plugin "skype" Script Insertion and SQL Injection Vulnerabilities
MyBB Facebook profile link on Postbit Plugin Script Insertion Vulnerability
MyBB Profile Blogs Plugin Script Insertion and SQL Injection Vulnerabilities
MyBB Tips Of The Day Plugin Script Insertion and SQL Injection Vulnerabilities
ManageEngine MSP Center Plus Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
Axis Two Script Insertion Vulnerabilities
ManageEngine ServiceDesk Plus "title" Script Insertion Vulnerability
Intramaps Multiple Vulnerabilities
ZPanel Cross-Site Request Forgery and SQL Injection Vulnerabilities
Dokeos Multiple Script Insertion and SQL Injection Vulnerabilities
ManageEngine SupportCenter Plus Multiple Cross-Site Scripting Vulnerabilities
WordPress Wordfence Plugin "email" Cross-Site Scripting Vulnerability
Subrion CMS Cross-Site Scripting and SQL Injection vulnerabilities
Template CMS Cross-Site Scripting and Request Forgery Vulnerabilities
ViArt Shop Multiple Script Insertion Vulnerabilities
Fortinet FortiOS (FortiGate) Two Cross-Site Scripting Vulnerabilities
TorrentTrader Cross-Site Scripting and SQL Injection Vulnerabilities
webERP Multiple Vulnerabilities
Clipster "username" Script Insertion Vulnerability
PrestaShop Multiple Cross-Site Scripting Vulnerabilities
WordPress Count Per Day Plugin Security Bypass and "note" Script Insertion Vulnerabilities
Ad Manager Pro Cross-Site Scripting and SQL Injection Vulnerabilities
WordPress Count Per Day Plugin Search Bar Cross-Site Scripting Vulnerability
Chamilo Multiple Vulnerabilities
SiNG CMS "email" Cross-Site Scripting Vulnerability
Monstra CMS "page_title" Script Insertion Vulnerability
xt:Commerce "products_name_de" Script Insertion Vulnerability
Jease "subject" and "comment" Cross-Site Scripting Vulnerabilities
WordPress RSVPMaker RVSP Report Script Insertion Vulnerability
Drupal HotBlocks Module Script Insertion and Denial of Service Vulnerabilities
Drupal Custom Publishing Options Module Status Label Script Insertion Vulnerability
Jease "author" Cross-Site Scripting Vulnerability
Flynax General Classifieds Multiple Cross-Site Scripting Vulnerabilities
WordPress WP Lead Management Plugin Script Insertion Vulnerabilities
Mahara Script Insertion and Cross-Site Scripting Vulnerabilities
Ushahidi Multiple Vulnerabilities
SocialEngine "tags" Two Script Insertion Vulnerabilities
Spiceworks snmpd.conf Script Insertion Vulnerabilities
WordPress LeagueManager Plugin Multiple Cross-Site Scripting Vulnerabilities
DokuWiki "ns" Cross-Site Scripting Vulnerability
GLPI Cross-Site Scripting and Request Forgery Vulnerabilities
Phonalisa Multiple Cross-Site Scripting Vulnerabilities
Microsoft SharePoint Multiple Vulnerabilities
Microsoft InfoPath and Groove Server Cross-Site Scripting Vulnerability
Netsweeper Multiple Vulnerabilities
MGB Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
ElfChat Multiple Cross-Site Scripting Vulnerabilities
Interspire Shopping Cart "prodName" and "couponname" Script Insertion Vulnerabilities
Croogo CMS Multiple Script Insertion Vulnerabilities
WordPress Schreikasten Plugin "alias" and "text" Script Insertion Vulnerabilities
LiveStreet CMS "ts" Cross-Site Scripting Vulnerabilities
Balitbang CMS Multiple Vulnerabilities
Bricolage Multiple Cross-Site Scripting and Script Insertion Vulnerabilities
MediaWiki "uselang" Cross-Site Scripting Vulnerability
Vanilla Forums kPoll Plugin Poll Title Script Insertion Vulnerability
SyndeoCMS Script Insertion and SQL Injection Vulnerabilities
Hexamail Server Webmail Email Body Script Insertion Vulnerability
WordPress Theme My Login Plugin "instance" Cross-Site Scripting Vulnerability
Vanilla Forums Tagging Plugin Discussion/Tags Script Insertion Vulnerability
Vanilla Forums Poll Plugin Poll Title and Answer Title Script Insertion Vulnerabilities
activeCollab Multiple Vulnerabilities
SocialEngine Multiple Vulnerabilities
RuubikCMS Multiple Vulnerabilities
Vanilla Forums FirstLastNames Plugin Profile Two Script Insertion Vulnerabilities
Pligg CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
Vanilla Forums LatestComment Plugin Discussion Title Script Insertion Vulnerability
Vanilla Forums AboutMe Plugin Multiple Script Insertion Vulnerabilities
Artiphp Multiple Vulnerabilities
PHP-addressbook Multiple Vulnerabilities
Joomla! JCE Component Cross-Site Scripting and Arbitrary File Upload Vulnerabilities
WordPress Subscribe2 "subject" and "searchterm" Cross-Site Scripting Vulnerabilities
WordPress Newsletter Manager Plugin "xyz_em_campName" Cross-Site Scripting Vulnerability
WordPress Network Publisher Plugin "networkpub_key" Cross-Site Scripting Vulnerability
WordPress SoundCloud Is Gold Plugin "width" Cross-Site Scripting Vulnerability
WordPress Newsletter Manager Plugin Cross-Site Scripting and Request Forgery Vulnerabilities
WordPress WP Easy Gallery Plugin Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
WordPress CodeStyling Localization Plugin Multiple Cross-Site Scripting Vulnerability
FreeRealty Multiple Vulnerabilities
Proman Xpress "cl_comments" Script Insertion Vulnerability
Sockso "name" Script Insertion Vulnerability
Genium CMS "itemID" Cross-Site Scripting Vulnerability
Baby Gekko Multiple Cross-Site Scripting Vulnerabilities
Baby Gekko URL Cross-Site Scripting Vulnerability
WordPress Zingiri Web Shop Plugin Script Insertion Vulnerability
PHP-pastebin Paste Title Script Insertion Vulnerability
MyClientBase Script Insertion and SQL Injection Vulnerabilities
ManageEngine SupportCenter Plus Multiple Vulnerabilities
SKYUC "encode" Cross-Site Scripting Vulnerability
WordPress Zingiri Web Shop Plugin Cross-Site Scripting and Script Insertion Vulnerabilities
Joomla! nBill Component "message" Cross-Site Scripting Vulnerability
Kaseya "adminName" Cross-Site Scripting Vulnerability
ReadyDesk Multiple Script Insertion Vulnerabilities
Xoops "to_userid" and "current_file" Cross-Site Scripting Vulnerabilities
Ushahidi Cross-Site Request Forgery and Script Insertion Vulnerabilities
Apache OFBiz Cross-Site Scripting and Code Execution Vulnerabilities
Apache OFBiz Cross-Site Scripting and Script Insertion Vulnerabilities
epesi BIM Event Description Script Insertion Vulnerability
Tufin SecureTrack Multiple Script Insertion Vulnerabilities
BGS CMS Multiple Vulnerabilities
Pluck SiteLife Multiple Cross-Site Scripting Vulnerabilities
Nimbuzz Chat History "View in browser" Script Insertion Vulnerability
osCMax Multiple Vulnerabilities
FlatnuX NEXT CMS Cross-Site Request Forgery and Script Insertion Vulnerabilities
Coppermine Photo Gallery "keywords" Script Insertion Vulnerability
vBulletin vBShop Module Multiple Script Insertion Vulnerabilities
vBulletin vBDownloads Module "mirrors[]" Script Insertion Vulnerability
SWTOR CharDB Multiple Vulnerabilities
TP-LINK TL-WR740N "ping_addr" Cross-Site Scripting Vulnerability
SysAid Cross-Site Scripting and Script Insertion Vulnerabilities
Yealink VOIP Phones "name" Script Insertion Vulnerability
Etano Multiple Cross-Site Scripting Vulnerabilities
Refinery CMS "refinery_user[email]" Cross-Site Scripting Vulnerability
BrewBlogger Multiple Vulnerabilities
WebCalendar Multiple Cross-Site Scripting Vulnerabilities
LDAP Account Manager Pro Multiple Cross-Site Scripting Vulnerabilities
CMS Builder "title" and "summary" Script Insertion Vulnerabilities
Dotclear Multiple Cross-Site Scripting Vulnerabilities
Anchor CMS "real_name" Script Insertion Vulnerability
WonderDesk SQL Multiple Cross-Site Scripting and Script Insertion Vulnerabilities
Elefant CMS Multiple Cross-Site Scripting Vulnerabilities
SocialCMS Enterprise Cross-Site Scripting and SQL Injection Vulnerabilities
Chyrp "body" Cross-Site Scripting Vulnerability
Chyrp "content" Cross-Site Scripting Vulnerability
IBM WebSphere Lombardi Edition Coach Script Insertion Vulnerability
Jamroom "user_action" Script Insertion Vulnerability
F*EX Multiple Cross-Site Scripting Vulnerabilities
X3 CMS "search" Cross-Site Scripting Vulnerability
MoniWiki "login_id" Cross-Site Scripting Vulnerability
SQL Buddy Multiple Cross-Site Scripting Vulnerabilities
Jenkins "description" Script Insertion Vulnerability
WordPress cformsII Plugin "rs" Cross-Site Scripting Vulnerability
Microsoft SharePoint Multiple Cross-Site Scripting Vulnerabilities
Fork CMS "report" and "error" Cross-Site Scripting Vulnerabilities
WordPress s2Member Pro Plugin "Coupon Code" Cross-Site Scripting Vulnerability
Horde Groupware Two Vulnerabilities
Horde Groupware Webmail Edition Multiple Vulnerabilities
zenphoto Multiple Vulnerabilities
freelancerKit Script Insertion and SQL Injection Vulnerabilities
Horde Application Framework Two Vulnerabilities
ManageEngine ADManager Plus Two Cross-Site Scripting Vulnerabilities
XWiki Enterprise Two Script Insertion Vulnerabilities
NexorONE "message" Cross-Site Scripting Vulnerability
Foswiki Multiple Script Insertion Vulnerabilities
pragmaMx "message" Script Insertion Vulnerability
SilverStripe Multiple Script Insertion Vulnerabilities
TWiki User Organization Script Insertion Vulnerability
phplist Multiple Cross-Site Scripting Vulnerabilities
Smokeping "displaymode" Cross-Site Scripting Vulnerability
WordPress uCan Post Plugin Two Script Insertion Vulnerabilities
Drupal Panels Module Customised Layout Region Title Script Insertion Vulnerability
Kayako SupportSuite Weakness and Multiple Vulnerabilities
Oracle WebLogic Server Cross-Site Scripting and Denial of Service Vulnerabilities
@Mail Server Multiple Script Insertion Vulnerabilities
Drupal Vote Up/Down Module Taxonomy Script Insertion Vulnerability
w-CMS Multiple Vulnerabilities
X3 CMS Two Cross-Site Scripting Vulnerabilities
Gelin's Guest Book Two Script Insertion Vulnerabilities
ImpressCMS Multiple Vulnerabilities
Drupal Lingotek Module Script Insertion Vulnerability
tinyguestbook Script Insertion and SQL Injection Vulnerabilities
BigACE Web CMS Multiple Cross-Site Scripting Vulnerabilities
Rapidleech Cross-Site Scripting and Script Insertion Vulnerabilities
yaws-wiki Multiple Cross-Site Scripting and Script Insertion Vulnerabilities
Winn Guestbook Cross-Site Scripting and Cross-Site Request Forgery Vulnerabilities
Bugzilla Multiple Vulnerabilities
e107 Multiple Vulnerabilities
Open Business Management Multiple Vulnerabilities
Whois.Cart Billing "domainname" Cross-Site Scripting Vulnerability
SpamTitan Multiple Cross-Site Scripting Vulnerabilities
Contentpapst Multiple Cross-Site Scripting and Script Insertion Vulnerabilities
Zabbix Two Script Insertion Vulnerabilities
BrowserCRM Multiple Vulnerabilities
Drupal Meta tags quick Module Script Insertion Vulnerability
eSyndiCat Directory Software Pro Multiple Cross-Site Scripting Vulnerabilities
Barracuda Web Filter Multiple Script Insertion Vulnerabilities
Cacti Multiple Vulnerabilities
CA Multiple Products "target" Cross-Site Scripting Vulnerability
Red Hat Network Satellite Server "Description" Script Insertion Vulnerability
PunBB "linkedin" Script Insertion Vulnerability
Elxis CMS Two Cross-Site Scripting Vulnerabilities
Plone Multiple Vulnerabilities
Etomite Search Cross-Site Scripting Vulnerability
WordPress Lazyest Backup Plugin "xml_or_all" Cross-Site Scripting Vulnerability
HP Network Node Manager i Multiple Cross-Site Scripting Vulnerabilities
razorCMS Multiple Vulnerabilities
Joomla JComments Component "name" Script Insertion Vulnerability
PrestaShop Multiple Cross-Site Scripting Vulnerabilities
Zen Cart Multiple Vulnerabilities
WordPress MeeNews Plugin "idnews" Cross-Site Scripting Vulnerability
WordPress WP e-Commerce Plugin Script Insertion Vulnerability
FishEye / Crucible Security Bypass Security Issue and Script Insertion Vulnerabilities
GoAhead WebServer Multiple Script Insertion Vulnerabilities
GoAhead WebServer "name" and "address" Cross-Site Scripting Vulnerabilities
Campsite Cross-Site Scripting and Script Insertion Vulnerabilities
MetInfo "searchword" Cross-Site Scripting Vulnerability
Joomla DJ-ArtGallery Component "cid[]" Two Vulnerabilities
iScripts eSwap Cross-Site Scripting and SQL Injection Vulnerabilities
iScripts EasyBiller SQL Injection and Script Insertion Vulnerabilities
fileNice "sstring" Cross-Site Scripting Vulnerability
Science Fair In A Box "type" Cross-Site Scripting and SQL Injection
SchoolMation "session" Cross-Site Scripting Vulnerability
Rayzz Photoz "profileCommentTextArea" Script Insertion Vulnerability
Infoblox Trinzic NetMRI Two Cross-Site Scripting Vulnerabilities
ReviewBoard Diff and Screenshot Comments Script Insertion Vulnerabilities
LimeSurvey Survey Text Field Tooltip Script Insertion Vulnerability
Hotaru CMS Search Plugin "search" Cross-Site Scripting Vulnerability
Joomla! ALFContact Component Multiple Cross-Site Scripting Vulnerabilities
Joomla! Multiple Vulnerabilities
iGuard Biometric Access Control Unspecified Cross-Site Scripting Vulnerability
Drupal String Overrides Module Two Script Insertion Vulnerabilities
HP Network Node Manager i Cross-Site Scripting Vulnerabilities
Dolibarr ERP/CRM Multiple Vulnerabilities
Drupal Quiz Module Multiple Script Insertion Vulnerabilities
Hyperic HQ Enterprise Multiple Vulnerabilities
CmyDocument Content Management Multiple Vulnerabilities
Barracuda Link Balancer "zoneid" and "scope" Cross-Site Scripting Vulnerabilities
Spacewalk Multiple Vulnerabilities
DotNetNuke Editor Script Insertion Vulnerability
Symphony CMS Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
WordPress ClassiPress Theme "twitter_id" and "facebook_id" Script Insertion Vulnerabilities
Symantec Endpoint Protection Manager Cross-Site Scripting and Request Forgery
PHP Album Multiple Vulnerabilities
Online Subtitles Workshop "comment" Script Insertion Vulnerability
PacketFence "p" and "destination_url" Cross-Site Scripting Vulnerabilities
NinkoBB Multiple Vulnerabilities
ColdGen ColdUserGroup Cross-Site Scripting and SQL Injection Vulnerabilities
ColdGen ColdBookmarks Multiple Vulnerabilities
MicroNetSoft RV Dealer Website Multiple SQL Injection Vulnerabilities
zenphoto "user" Cross-Site Scripting Vulnerability
MySource Matrix "height" and "width" Cross-Site Scripting Vulnerabilities
Member Management System "REF_URL" Cross-Site Scripting Vulnerability
chillyCMS "name" Cross-Site Scripting and SQL Injection Vulnerabilities
TYPO3 powermail Extension Cross-Site Scripting Vulnerability
TYPO3 XING Button Extension Cross-Site Scripting Vulnerability
TYPO3 The official twitter tweet button for your page Extension Cross-Site Scripting Vulnerability
Pilot Cart Multiple Vulnerabilities
TYPO3 Branchenbuch (Yellow Pages) Extension Cross-Site Scripting Vulnerability
TYPO3 Questionnaire Extension Cross-Site Scripting and SQL Injection Vulnerabilities
Joomla Frei-Chat Component One Script Insertion Vulnerability
Entrans Cross-Site Scripting and SQL Injection Vulnerabilities
@mail Webmail Client "MailType" Cross-Site Scripting Vulnerability
OpenEMR Multiple Vulnerabilities
OpenEMR Script Insertion and SQL Injection Vulnerabilities
Site@School Multiple Vulnerabilities
TYPO3 phpMyAdmin Extension Cross-Site Scripting Vulnerability
AContent Multiple Vulnerabilities
phpMyAdmin "setup.php" Cross-Site Scripting Vulnerability
BugFree Multiple Cross-Site Scripting Vulnerabilities
Kent Web Forum Unspecified Cross-Site Scripting Vulnerability
Kent Web Forum Unspecified Cross-Site Scripting Vulnerability
Geeklog BBcode Script Insertion Vulnerabilities
Phorum "phorum_admin_token" Cross-Site Scripting Vulnerability
6kbbs Multiple Vulnerabilities
JAKCMS "userpost" Script Insertion Vulnerability
Joomla! Barter Component Multiple Vulnerabilities
OCS Inventory NG System Information Script Insertion Vulnerability
Sonexis ConferenceManager Script Insertion and SQL Injection Vulnerabilities
Tembria Server Monitor Cross-Site Scripting and Credentials Disclosure Vulnerabilities
Xoops Multiple Cross-Site Scripting Vulnerabilities
enkai Unspecified Cross-Site Scripting Vulnerability
Xoops Cross-Site Scripting and Script Insertion Vulnerabilities
Tine 2.0 Multiple Cross-Site Scripting Vulnerabilities
Drupal Petition Node Module Script Insertion Vulnerability
Drupal Homebox Module Script Insertion Vulnerability
ServersCheck Monitoring Multiple Vulnerabilities
vtiger CRM Multiple Vulnerabilities
Achievo Multiple Vulnerabilities
Novell Identity Manager Cross-Site Scripting Vulnerabilities
Joomla! Google Website Optimizer Component Section Names Script Insertion Vulnerability
Barracuda Backup Multiple Script Insertion Vulnerabilities
phpPgAdmin Multiple Cross-Site Scripting Vulnerabilities
ProjectForum "newname" Script Insertion Vulnerability
IBM WebSphere Application Server IVT Cross-Site Scripting Vulnerability
BaserCMS Unspecified Cross-Site Scripting Vulnerability
bitweaver Cross-Site Scripting and Script Insertion Vulnerabilities
Symantec IM Manager Multiple Vulnerabilities
Parallels Plesk Panel Cross-Site Scripting and SQL Injection Vulnerabilities
Plesk and Parallels Plesk Panel Multiple Cross-Site Scripting Vulnerabilities
TYPO3 T3BLOG Extension Comment Parent Title Cross-Site Scripting Vulnerability
BuddyPress Blogs MU Theme Profile CSS Script Insertion Vulnerability
TYPO3 jQuery Colorbox Extension Cross-Site Scripting Vulnerability
Joomla! Information Disclosure and Cross-Site Scripting Vulnerabilities
Atlassian JIRA Cross-Site Scripting and Script Insertion Vulnerabilities
SonicWALL ViewPoint Multiple Vulnerabilities
Cacti Cross-Site Scripting and SQL Injection Vulnerabilities
WordPress XCloner Plugin Multiple Vulnerabilities
FBC-Market Multiple Vulnerabilities
FAST ESP Cross-Site Scripting Vulnerability
CMS Faethon Cross-Site Scripting and SQL Injection
Joomla! JSupport Component Script Insertion and SQL Injection Vulnerabilities
PHPShop "name_new" Cross-Site Scripting Vulnerability
Drupal Flag Content Module Script Insertion Vulnerability
phpList Multiple Vulnerabilities
FortiNet FortiAnalyzer Cross-Site Scripting and Script Insertion Vulnerabilities
Drupal Hostmaster (Aegir) Module Custom Body Classes Cross-Site Scripting Vulnerability
Drupal Views Bulk Operations Module Vocabulary Help Script Insertion Vulnerability
Pligg CMS Multiple Cross-Site Scripting Vulnerabilities
Gerd Tentler Simple Forum "sfText" Cross-Site Scripting Vulnerability
Gerry GuestBook "gbText" Cross-Site Scripting Vulnerability
Toko Lite CMS "path" and "currPath" Cross-Site Scripting Vulnerabilities
SemanticScuttle "address" Script Insertion Vulnerability
SAP Crystal Reports "service" Cross-Site Scripting Vulnerability
phpMyAdmin Multiple Script Insertion Vulnerabilities
Support Incident Tracker Multiple Vulnerabilities
TIBCO Managed File Transfer Products Cross-Site Scripting and Session Fixation Vulnerabilities
Microsoft SharePoint Cross-Site Scripting and Script Insertion Vulnerabilities
IBM Tivoli Security Information and Event Manager Custom Reports Cross-Site Scripting Vulnerability
LightNEasy Multiple Script Insertion Vulnerabilities
TYPO3 MailformPlus Extension Cross-Site Scripting Vulnerability
TYPO3 SmoothGallery Extension Two Vulnerabilities
TYPO3 Direct Mail Subscription Extension Two Vulnerabilities
Phorum "real_name" Cross-Site Scripting Vulnerability
Hastymail2 Two Cross-Site Scripting Vulnerabilities
MyBB Recent Topics on Index page Plugin Two Vulnerabilities
GentleSource Short URL "u" Script Insertion Vulnerability
GentleSource Tell a Friend Multiple Cross-Site Scripting Vulnerabilities
TIBCO Spotfire Products Multiple Vulnerabilities
Drupal Node Invite Module Cross Site Scripting Vulnerability
MantisBT Multiple Vulnerabilities
JAMF Products "username" Cross-Site Scripting Vulnerability
MyBB Recent Topics on Index page Plugin Two Vulnerabilities
Citrix Access Gateway Logon Portal Cross Site Scripting Vulnerability
SAP NetWeaver MailExamples Module Cross Site Scripting Vulnerability
vBulletin "AdminCP" Data Processing Cross Site Scripting Vulnerability
EMC Captiva eInput File Disclosure and Cross Site Scripting Vulnerabilities
HP SiteScope Cross Site Scripting and Session Fixation Vulnerabilities
TYPO3 Cross Site Scripting and Information Disclosure Vulnerabilities
Hitachi JP1/Performance Management Web Console Cross Site Scripting
Symantec Web Gateway Management Console Remote SQL Injection
IBM Tivoli Security Information and Event Management Cross Site Scripting
BEdita Comments and Objects Handling Cross Site Scripting Vulnerabilities
SAP NetWeaver Multiple Cross Site Scripting and Authentication Bypass
IBM WebSphere Portal Search Center Cross Site Scripting Vulnerability
phpMyAdmin Cross Site Scripting and URL Redirection Vulnerabilities
HP Business Availability Center (BAC) Cross Site Scripting Vulnerability
CA eHealth Parameters Processing Cross Site Scripting Vulnerabilities
Debian Security Update Fixes OTRS Cross Site Scripting Vulnerabilities
Horde Application Framework Cross Site Scripting and Security Bypass
Webmin "Full Name" Field Handling Cross Site Scripting Vulnerability
HP SiteScope Cross Site Scripting and HTML Injection Vulnerabilities
Debian Security Update Fixes Request Tracker Multiple Vulnerabilities
HP Proliant Support Pack Cross Site Scripting and Information Disclosure
RSA Adaptive Authentication Flash File Cross Site Scripting Vulnerability
Joomla SQL Injection and Multiple Information Disclosure Vulnerabilities
SAP Web Application Server Cross Site Scripting and URL Redirection
MediaWiki Cross Site Scripting and CSS Image Injection Vulnerabilities
HP Network Node Manager i Cross Site Scripting and Unauthorized Access
BlackBerry Enterprise Server Web Desktop Manager Cross Site Scripting
100 last CVE   CVE-2018-8831
CVE-2018-8716
CVE-2018-7717
CVE-2017-9337
CVE-2017-9336
CVE-2017-7203
CVE-2017-6481
CVE-2017-5368
CVE-2017-5367
CVE-2017-3133
CVE-2017-3132
CVE-2017-3131
CVE-2017-2168
CVE-2017-12649
CVE-2017-12648
CVE-2017-12647
CVE-2017-12646
CVE-2017-12645
CVE-2017-11503
CVE-2017-1002022
CVE-2017-1002021
CVE-2017-1002020
CVE-2017-1002019
CVE-2017-1002018
CVE-2017-1002017
CVE-2017-1000425
CVE-2017-1000032
CVE-2017-1000031
CVE-2016-9214
CVE-2016-9119
CVE-2016-7851
CVE-2016-77799
CVE-2016-77726
CVE-2016-77642
CVE-2016-77628
CVE-2016-77532
CVE-2016-77517
CVE-2016-77503
CVE-2016-77475
CVE-2016-77364
CVE-2016-77360
CVE-2016-77341
CVE-2016-77339
CVE-2016-77337
CVE-2016-77217
CVE-2016-77193
CVE-2016-77035
CVE-2016-77022
CVE-2016-77009
CVE-2016-7419
CVE-2016-7148
CVE-2016-7146
CVE-2016-6565
CVE-2016-6484
CVE-2016-6283
CVE-2016-5839
CVE-2016-5838
CVE-2016-5837
CVE-2016-5836
CVE-2016-5835
CVE-2016-5834
CVE-2016-5833
CVE-2016-5832
CVE-2016-5103
CVE-2016-5099
CVE-2016-5098
CVE-2016-5097
CVE-2016-4825
CVE-2016-3670
CVE-2016-2562
CVE-2016-2561
CVE-2016-2560
CVE-2016-2559
CVE-2016-2228
CVE-2016-2045
CVE-2016-2044
CVE-2016-2043
CVE-2016-2042
CVE-2016-2041
CVE-2016-2040
CVE-2016-2039
CVE-2016-2038
CVE-2016-1927
CVE-2016-1912
CVE-2016-1398
CVE-2016-1397
CVE-2016-1396
CVE-2016-1395
CVE-2016-1377
CVE-2016-1209
CVE-2016-10404
CVE-2016-10140
CVE-2016-1000155
CVE-2016-1000154
CVE-2016-1000153
CVE-2016-1000152
CVE-2016-1000151
CVE-2016-1000150
CVE-2016-1000149
CVE-2016-1000148

Risk level   Moderate