Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15476 | 1 Former Project | 1 Former | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Former before 4.2.1 has XSS via a checkbox value. | |||||
| CVE-2019-15482 | 1 Selectize-plugin-a11y Project | 1 Selectize-plugin-a11y | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| selectize-plugin-a11y before 1.1.0 has XSS via the msg field. | |||||
| CVE-2019-3966 | 1 Open-emr | 1 Openemr | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the foreign_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session. | |||||
| CVE-2019-11584 | 1 Atlassian | 1 Jira | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MigratePriorityScheme resource in Jira before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in the priority icon url of an issue priority. | |||||
| CVE-2018-12101 | 1 Clippercms | 1 Clippercms | 2019-08-26 | 3.5 LOW | 5.4 MEDIUM |
| CMS Clipper 1.3.3 has XSS in the Security tab search, User Groups, Resource Groups, and User/Resource Group Links fields. | |||||
| CVE-2019-14427 | 1 Webstudio | 1 Ultimate Loan Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code. | |||||
| CVE-2019-15487 | 1 Schoolexperience | 1 Department For Education School Experience | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| DfE School Experience before v16333-GA has XSS via a teacher training URL. | |||||
| CVE-2019-15492 | 1 It-novum | 1 Openitcockpit | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| openITCOCKPIT before 3.7.1 has reflected XSS, aka RVID 3-445b21. | |||||
| CVE-2019-15489 | 1 Laracom | 1 Laracom | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| laracom (aka Laravel FREE E-Commerce Software) 1.4.11 has search?q= XSS. | |||||
| CVE-2019-15481 | 1 Kimai | 1 Kimai 2 | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Kimai v2 before 1.1 has XSS via a timesheet description. | |||||
| CVE-2019-15477 | 1 Jooby | 1 Jooby | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jooby before 1.6.4 has XSS via the default error handler. | |||||
| CVE-2019-15486 | 1 Django Js Reverse Project | 1 Django Js Reserve | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| django-js-reverse (aka Django JS Reverse) before 0.9.1 has XSS via js_reverse_inline. | |||||
| CVE-2019-15480 | 1 Domoticz | 1 Domoticz | 2019-08-26 | 3.5 LOW | 5.4 MEDIUM |
| Domoticz 4.10717 has XSS via item.Name. | |||||
| CVE-2014-10385 | 1 Memphis Documents Library Project | 1 Memphis Documents Library | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST. | |||||
| CVE-2013-7482 | 1 Reflex Gallery Project | 1 Reflex Gallery | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The reflex-gallery plugin before 1.4.3 for WordPress has XSS. | |||||
| CVE-2019-15317 | 1 Impress | 1 Givewp | 2019-08-26 | 3.5 LOW | 5.4 MEDIUM |
| The give plugin before 2.4.7 for WordPress has XSS via a donor name. | |||||
| CVE-2019-15095 | 1 Diaowen | 1 Dwsurvey | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| DWSurvey through 2019-07-22 has reflected XSS via the design/qu-multi-fillblank!answers.action surveyId parameter. | |||||
| CVE-2016-6154 | 2 Microsoft, Watchguard | 2 Windows, Fireware | 2019-08-26 | 5.8 MEDIUM | 6.1 MEDIUM |
| The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect). | |||||
| CVE-2019-15532 | 1 Gchq | 1 Cyberchef | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| CyberChef before 8.31.2 allows XSS in core/operations/TextEncodingBruteForce.mjs. | |||||
| CVE-2017-18575 | 1 Newstatpress Project | 1 Newstatpress | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues. | |||||
| CVE-2017-18572 | 1 Sir | 1 Gnucommerce | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The gnucommerce plugin before 1.4.2 for WordPress has XSS. | |||||
| CVE-2019-15478 | 1 Status Board Project | 1 Status Board | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Status Board 1.1.81 has reflected XSS via logic.ts. | |||||
| CVE-2016-10920 | 1 Sir | 1 Gnucommerce | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS. | |||||
| CVE-2016-10919 | 1 Wassup Real Time Analytics Project | 1 Wassup Real Time Analytics | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633. | |||||
| CVE-2018-20983 | 1 Meowapps | 1 Wp Retina 2x | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. | |||||
| CVE-2017-18582 | 1 Time Sheets Project | 1 Time Sheets | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The time-sheets plugin before 1.5.2 for WordPress has multiple XSS issues. | |||||
| CVE-2019-5594 | 1 Fortinet | 1 Fortinac | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI. | |||||
| CVE-2019-0337 | 1 Sap | 1 Netweaver Process Integration | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Java Proxy Runtime of SAP NetWeaver Process Integration, versions 7.10, 7.11, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs and allows an attacker to execute malicious scripts in the URL, thereby resulting in a Reflected Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2019-0335 | 1 Sap | 1 Businessobjects Business Intelligence | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Under certain conditions SAP BusinessObjects Business Intelligence Platform (Central Management Console), versions 4.1, 4.2, 4.3, allows an attacker to store a malicious payload within the description field of a user account. The payload is triggered when the mouse cursor is moved over the description field in the list, when generating the little yellow informational pop up box, resulting in Stored Cross Site Scripting Attack. | |||||
| CVE-2018-20975 | 1 Fatfreecrm | 1 Fat Free Crm | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb. | |||||
| CVE-2015-9336 | 1 Codection | 1 Clean Login | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The clean-login plugin before 1.5.1 for WordPress has reflected XSS. | |||||
| CVE-2019-15228 | 1 Thedaylightstudio | 1 Fuel Cms | 2019-08-26 | 3.5 LOW | 5.4 MEDIUM |
| FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors. | |||||
| CVE-2013-7481 | 1 Bestwebsoft | 1 Contact Form | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. | |||||
| CVE-2019-14469 | 1 Sonatype | 1 Nexus Repository Manager | 2019-08-26 | 3.5 LOW | 5.4 MEDIUM |
| In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS. | |||||
| CVE-2013-7479 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field. | |||||
| CVE-2013-7480 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas. | |||||
| CVE-2013-7478 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post. | |||||
| CVE-2013-7477 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form. | |||||
| CVE-2012-6716 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links. | |||||
| CVE-2015-9320 | 1 Optiontree Project | 1 Optiontree | 2019-08-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg. | |||||
| CVE-2017-18508 | 1 Wp-livechat | 1 Wp Live Chat Support | 2019-08-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS. | |||||
| CVE-2017-1000227 | 1 Parallelus | 1 Salutation | 2019-08-24 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can. | |||||
| CVE-2019-11522 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-08-23 | 3.5 LOW | 5.4 MEDIUM |
| OX App Suite 7.10.0 to 7.10.2 allows XSS. | |||||
| CVE-2017-18577 | 1 Ibericode | 1 Mailchimp | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg. | |||||
| CVE-2017-18576 | 1 Event Notifier Project | 1 Event Notifier | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation. | |||||
| CVE-2017-18581 | 1 Time Sheets Project | 1 Time Sheets | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list. | |||||
| CVE-2008-7321 | 1 Tubepress | 1 Tubepress | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The tubepress plugin before 1.6.5 for WordPress has XSS. | |||||
| CVE-2017-18564 | 1 Bestwebsoft | 1 Sender | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The sender plugin before 1.2.1 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18563 | 1 Swimordiesoftware | 1 Rsvp | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen. | |||||
| CVE-2015-9327 | 1 Flickr Justified Gallery Project | 1 Flickr Justified Gallery | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS. | |||||
