Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79

CVSS v3 Filter

ALL
NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Search

Total 13741 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-10392 1 Cformsii Project 1 Cformsii 2019-08-23 4.3 MEDIUM 6.1 MEDIUM
The cforms2 plugin before 10.2 for WordPress has XSS.
CVE-2017-18578 1 Crafty Social Buttons Project 1 Crafty Social Buttons 2019-08-23 4.3 MEDIUM 6.1 MEDIUM
The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS.
CVE-2014-10393 1 Cformsii Project 1 Cformsii 2019-08-23 4.3 MEDIUM 6.1 MEDIUM
The cforms2 plugin before 10.5 for WordPress has XSS.
CVE-2019-15328 1 Codection 1 Import Users From Csv With Meta 2019-08-23 4.3 MEDIUM 6.1 MEDIUM
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.
CVE-2019-15327 1 Codection 1 Import Users From Csv With Meta 2019-08-23 4.3 MEDIUM 6.1 MEDIUM
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.
CVE-2017-18534 1 Share On Diaspora Project 1 Share On Diaspora 2019-08-23 4.3 MEDIUM 6.1 MEDIUM
The share-on-diaspora plugin before 0.7.2 for WordPress has reflected XSS in share URL parameters.
CVE-2019-15127 1 Vanderbilt 1 Redcap 2019-08-23 3.5 LOW 5.4 MEDIUM
REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.
CVE-2018-13137 1 Wp-events-plugin 1 Events Manager 2019-08-23 3.5 LOW 4.8 MEDIUM
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.
CVE-2019-14799 1 Foliovision 1 Fv Flowplayer Video Player 2019-08-23 4.3 MEDIUM 6.1 MEDIUM
The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS.
CVE-2019-15112 1 Wp-slimstat 1 Slimstat Analytics 2019-08-23 4.3 MEDIUM 6.1 MEDIUM
The wp-slimstat plugin before 4.8.1 for WordPress has XSS.
CVE-2019-0334 1 Sap 1 Businessobjects Business Intelligence 2019-08-22 4.9 MEDIUM 5.4 MEDIUM
When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting.
CVE-2019-13588 1 Wikindx Project 1 Wikindx 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter.
CVE-2014-10380 1 Cozmoslabs 1 Profile Builder 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.
CVE-2016-10898 1 Fabrix 1 Total Security 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The total-security plugin before 3.4.1 for WordPress has XSS.
CVE-2015-9328 1 Cozmoslabs 1 Profile Builder 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The profile-builder plugin before 2.2.5 for WordPress has XSS.
CVE-2012-6714 1 Count Per Day Project 1 Count Per Day 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The count-per-day plugin before 3.2.3 for WordPress has XSS via search words.
CVE-2012-6715 1 Formbuilder Project 1 Formbuilder 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header.
CVE-2016-10911 1 Cozmoslabs 1 Profile Builder 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues.
CVE-2016-10910 1 Formbuilder Project 1 Formbuilder 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The formbuilder plugin before 1.06 for WordPress has multiple XSS issues.
CVE-2016-10912 1 Matchboxdesigngroup 1 Universal Analytics 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The universal-analytics plugin before 1.3.1 for WordPress has XSS.
CVE-2017-18516 1 Bestwebsoft 1 Linkedin 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues.
CVE-2017-18522 1 Eelv Newsletter Project 1 Eelv Newsletter 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the address book.
CVE-2017-18524 1 Football Pool Project 1 Football Pool 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues.
CVE-2017-18529 1 Bestwebsoft 1 Promobar 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The promobar plugin before 1.1.1 for WordPress has multiple XSS issues.
CVE-2019-3965 1 Open-emr 1 Openemr 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVE-2017-18519 1 Marvinlabs 1 Wp Customer Area 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages.
CVE-2017-18562 1 Bestwebsoft 1 Error Log Viewer 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues.
CVE-2017-18561 1 Embed Images In Comments Project 1 Embed Images In Comments 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The embed-comment-images plugin before 0.6 for WordPress has XSS.
CVE-2018-20970 1 Bestwebsoft 1 Pdf \& Print 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The pdf-print plugin before 2.0.3 for WordPress has multiple XSS issues.
CVE-2014-10378 1 Duplicate Post Project 1 Duplicate Post 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The duplicate-post plugin before 2.6 for WordPress has XSS.
CVE-2017-18535 1 Smokesignal Project 1 Smokesignal 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The smokesignal plugin before 1.2.7 for WordPress has XSS.
CVE-2016-10897 1 Sermon Browser Project 1 Sermon Browser 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The sermon-browser plugin before 0.45.16 for WordPress has multiple XSS issues.
CVE-2017-18525 1 Megamenu 1 Max Mega Menu 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The megamenu plugin before 2.4 for WordPress has XSS.
CVE-2016-10896 1 Clogica 1 Seo Redirection 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The seo-redirection plugin before 4.3 for WordPress has stored XSS.
CVE-2017-18531 1 Raygun 1 Raygun4wp 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The raygun4wp plugin before 1.8.3 for WordPress has XSS in the settings, a different issue than CVE-2017-9288.
CVE-2017-18530 1 Bestwebsoft 1 Rating 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The rating-bws plugin before 0.2 for WordPress has multiple XSS issues.
CVE-2017-18528 1 Bestwebsoft 1 Pdf \& Print 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The pdf-print plugin before 1.9.4 for WordPress has multiple XSS issues.
CVE-2017-18527 1 Bestwebsoft 1 Pagination 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The pagination plugin before 1.0.7 for WordPress has multiple XSS issues.
CVE-2017-18526 1 Lamp-solutions 1 Moreads Se 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The moreads-se plugin before 1.4.7 for WordPress has XSS.
CVE-2017-18520 1 Wp-kama 1 Democracy Poll 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The democracy-poll plugin before 5.4 for WordPress has XSS via update_l10n in admin/class.DemAdminInit.php.
CVE-2015-9319 1 Greg\'s High Performance Seo Project 1 Greg\'s High Performance Seo 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The gregs-high-performance-seo plugin before 1.6.2 for WordPress has XSS in the context of an old browser.
CVE-2016-10895 1 Optiontree Project 1 Optiontree 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request.
CVE-2017-18518 1 Bestwebsoft 1 Smtp 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues.
CVE-2017-18568 1 Mythemeshop 1 My Wp Translate 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The my-wp-translate plugin before 1.0.4 for WordPress has XSS.
CVE-2017-18517 1 Bestwebsoft 1 Pinterest 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues.
CVE-2019-3963 1 Open-emr 1 Openemr 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVE-2015-9329 1 Soflyy 1 Wp All Import 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS.
CVE-2017-18567 1 Soflyy 1 Wp All Import 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The wp-all-import plugin before 3.4.6 for WordPress has XSS.
CVE-2019-3964 1 Open-emr 1 Openemr 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVE-2016-10913 1 Joomunited 1 Wp Latest Posts 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The wp-latest-posts plugin before 3.7.5 for WordPress has XSS.