Total: 13741 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15898 | 1 Nagios | 1 Log Server | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page. | |||||
| CVE-2015-9369 | 1 Ithemes | 1 Easy Us Sales Taxes | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2019-15836 | 1 Bootstrapped | 1 Wp Ultimate Recipe | 2019-09-04 | 3.5 LOW | 5.4 MEDIUM |
| The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. | |||||
| CVE-2019-15700 | 1 Frappe | 1 Frappe | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text. | |||||
| CVE-2015-9375 | 1 Ithemes | 1 Table Rate Shipping | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9373 | 1 Webdevstudios | 1 Ithemes Paypal Pro | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9366 | 1 Ithemes | 1 Custom Url Tracking | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9370 | 1 Ithemes | 1 Invoices | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9371 | 1 Ithemes | 1 Manual Purchases | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9372 | 1 Ithemes | 1 Membership | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2019-15837 | 1 Bitwise-it | 1 Webp Express | 2019-09-03 | 3.5 LOW | 5.4 MEDIUM |
| The webp-express plugin before 0.14.8 for WordPress has stored XSS. | |||||
| CVE-2019-15777 | 1 Shapepress | 1 Wp Dsgvo Tools | 2019-09-03 | 3.5 LOW | 5.4 MEDIUM |
| The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS. | |||||
| CVE-2015-9374 | 1 Ithemes | 1 Stripe | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2019-15829 | 1 Greentreelabs | 1 Gallery Photoblocks | 2019-09-03 | 3.5 LOW | 4.8 MEDIUM |
| The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. | |||||
| CVE-2019-15827 | 1 Onesignal | 1 Onesignal-free-web-push-notifications | 2019-09-03 | 3.5 LOW | 5.4 MEDIUM |
| The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. | |||||
| CVE-2018-15510 | 1 Totemo | 1 Totemomail | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2019-12754 | 1 Symantec | 1 Vip | 2019-09-03 | 3.5 LOW | 4.8 MEDIUM |
| Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy. | |||||
| CVE-2018-15511 | 1 Totemo | 1 Totemomail | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2019-15864 | 1 Holest | 1 Breadcrumbs By Menu | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS. | |||||
| CVE-2018-15512 | 1 Totemo | 1 Totemomail | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2019-15870 | 1 Carspot Project | 1 Carspot | 2019-09-03 | 3.5 LOW | 5.4 MEDIUM |
| The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field. | |||||
| CVE-2019-15869 | 1 Jobcareer Project | 1 Jobcareer | 2019-09-03 | 3.5 LOW | 5.4 MEDIUM |
| The JobCareer theme before 2.5.1 for WordPress has stored XSS. | |||||
| CVE-2015-9367 | 1 Ithemes | 1 Easy Canadian Sales Taxes | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9368 | 1 Ithemes | 1 Easy Eu Value Added (vat) Taxes | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2019-5590 | 1 Fortinet | 1 Fortiweb | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form. | |||||
| CVE-2019-15838 | 1 Custom 404 Pro Project | 1 Custom 404 Pro | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. | |||||
| CVE-2015-9358 | 1 Feedwordpress Project | 1 Feedwordpress | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2019-15817 | 1 Realestateconnected | 1 Easy Property Listings | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The easy-property-listings plugin before 3.4 for WordPress has XSS. | |||||
| CVE-2015-9378 | 1 Ithemes | 1 Builder Theme Market | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9355 | 1 Simbahosting | 1 Two-factor-authentication | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area. | |||||
| CVE-2015-9379 | 1 Ithemes | 1 Builder Style Manager | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9377 | 1 Ithemes | 1 Builder Theme Depot | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| iThemes Builder Theme Depot before 5.0.30 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2019-15811 | 1 Domainmod | 1 Domainmod | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS. | |||||
| CVE-2019-15842 | 1 Easy Pdf Restaurant Menu Upload Project | 1 Easy Pdf Restaurant Menu Upload | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. | |||||
| CVE-2019-15778 | 1 Getwooplugins | 1 Additional Variation Images For Woocommerce | 2019-09-03 | 3.5 LOW | 5.4 MEDIUM |
| The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. | |||||
| CVE-2018-17866 | 1 Ultimatemember | 1 Ultimate Member | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in includes/core/um-actions-login.php in the "Ultimate Member - User Profile & Membership" plugin before 2.0.28 for WordPress allow remote attackers to inject arbitrary web script or HTML via the "Primary button Text" or "Second button text" field. | |||||
| CVE-2018-16967 | 1 File Manager Project | 1 File Manager | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is an XSS vulnerability in the mndpsingh287 File Manager plugin 3.0 for WordPress via the page=wp_file_manager_root public_path parameter. | |||||
| CVE-2019-15081 | 1 Opencart | 1 Opencart | 2019-09-02 | 3.5 LOW | 4.8 MEDIUM |
| OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages. | |||||
| CVE-2019-13234 | 1 Alkacon | 1 Opencms Apollo Template | 2019-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the search engine. | |||||
| CVE-2019-13235 | 1 Alkacon | 1 Opencms Apollo Template | 2019-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the Alkacon OpenCms Apollo Template 10.5.4 and 10.5.5, there is XSS in the Login form. | |||||
| CVE-2019-13236 | 1 Alkacon | 1 Opencms | 2019-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| In system/workplace/ in Alkacon OpenCms 10.5.4 and 10.5.5, there are multiple Reflected and Stored XSS issues in the management interface. | |||||
| CVE-2016-10872 | 1 Ultimatemember | 1 Ultimate Member | 2019-09-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ultimate-member plugin before 1.3.40 for WordPress has XSS on the login form. | |||||
| CVE-2016-10875 | 1 Wpseeds | 1 Wp Database Backup | 2019-09-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-database-backup plugin before 4.3.1 for WordPress has XSS. | |||||
| CVE-2011-5329 | 1 Redirection | 1 Redirection | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The redirection plugin before 2.2.9 for WordPress has XSS in the admin menu, a different issue than CVE-2011-4562. | |||||
| CVE-2012-6717 | 1 Redirection | 1 Redirection | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The redirection plugin before 2.2.12 for WordPress has XSS, a different issue than CVE-2011-4562. | |||||
| CVE-2015-9359 | 1 Automattic | 1 Jetpack | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9360 | 1 Updraftplus | 1 Updraftplus | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The updraftplus plugin before 1.9.64 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2017-18593 | 1 Updraftplus | 1 Updraftplus | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The updraftplus plugin before 1.13.5 for WordPress has XSS in rare cases where an attacker controls a string logged to a log file. | |||||
| CVE-2015-9356 | 1 Wp-vipergb Project | 1 Wp-vipergb | 2019-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460. | |||||
| CVE-2019-15230 | 1 Librenms | 1 Librenms | 2019-08-30 | 3.5 LOW | 5.4 MEDIUM |
| LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account. | |||||
