Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14787 | 1 Tribulant | 1 Newsletters | 2019-08-22 | 3.5 LOW | 5.4 MEDIUM |
| The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. | |||||
| CVE-2017-18566 | 1 Bestwebsoft | 1 User Role | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The user-role plugin before 1.5.6 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18532 | 1 Bestwebsoft | 1 Realty | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The realty plugin before 1.1.0 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18533 | 1 Rimons Twitter Widget Project | 1 Rimons Twitter Widget | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The rimons-twitter-widget plugin before 1.3 for WordPress has XSS. | |||||
| CVE-2018-20978 | 1 Soflyy | 1 Wp All Import | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-all-import plugin before 3.4.7 for WordPress has XSS. | |||||
| CVE-2019-14948 | 1 Najeebmedia | 1 Ppom For Woocommerce | 2019-08-21 | 3.5 LOW | 5.4 MEDIUM |
| The woocommerce-product-addon plugin before 18.4 for WordPress has XSS via an import of a new meta data structure. | |||||
| CVE-2019-14790 | 1 Limbcode | 1 Limb-gallery | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter, | |||||
| CVE-2019-14795 | 1 Toggle-the-title Project | 1 Toggle-the-title | 2019-08-21 | 3.5 LOW | 4.8 MEDIUM |
| The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter. | |||||
| CVE-2019-14518 | 1 Modx | 1 Evolution Cms | 2019-08-21 | 3.5 LOW | 5.4 MEDIUM |
| ** DISPUTED ** Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel." | |||||
| CVE-2015-9317 | 1 Getawesomesupport | 1 Awesome Support | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages. | |||||
| CVE-2019-15082 | 1 Yofla | 1 360 Product Rotation | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The 360-product-rotation plugin before 1.4.8 for WordPress has reflected XSS. | |||||
| CVE-2016-10901 | 1 Gowebsolutions | 1 Wp Customer Reviews | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools. | |||||
| CVE-2015-9321 | 1 Wpmadeeasy | 1 Shortcode Factory | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg. | |||||
| CVE-2017-18536 | 1 Fullworks | 1 Stop User Enumeration | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The stop-user-enumeration plugin before 1.3.8 for WordPress has XSS. | |||||
| CVE-2016-10908 | 1 Codepeople | 1 Booking Calendar Contact Form | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The booking-calendar-contact-form plugin before 1.0.24 for WordPress has XSS. | |||||
| CVE-2017-18554 | 1 Analytics Tracker Project | 1 Analytics Tracker | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The analytics-tracker plugin before 1.1.1 for WordPress has XSS via a search event. | |||||
| CVE-2017-18537 | 1 Bestwebsoft | 1 Visitors Online | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The visitors-online plugin before 1.0.0 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18541 | 1 Xakuro | 1 Xo Security | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The xo-security plugin before 1.5.3 for WordPress has XSS. | |||||
| CVE-2019-15053 | 1 Atlassian | 1 Html Include And Replace Macro | 2019-08-21 | 6.0 MEDIUM | 6.8 MEDIUM |
| The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element. | |||||
| CVE-2016-10900 | 1 Wpmanage | 1 Uji Countdown | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The uji-countdown plugin before 2.0.7 for WordPress has XSS. | |||||
| CVE-2017-18555 | 1 Mediaburst | 1 Booking Calendar | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The booking-sms plugin before 1.1.0 for WordPress has XSS. | |||||
| CVE-2017-18556 | 1 Bestwebsoft | 1 Google Analytics | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The bws-google-analytics plugin before 1.7.1 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18557 | 1 Bestwebsoft | 1 Google Maps | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The bws-google-maps plugin before 1.3.6 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18558 | 1 Bestwebsoft | 1 Testimonials | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The bws-testimonials plugin before 0.1.9 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18560 | 1 Content Audit Project | 1 Content Audit | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The content-audit plugin before 1.9.2 for WordPress has XSS. | |||||
| CVE-2019-14949 | 1 Wpseeds | 1 Wp Database Backup | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-database-backup plugin before 5.1.2 for WordPress has XSS. | |||||
| CVE-2017-18542 | 1 Bestwebsoft | 1 Zendesk Help Center | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The zendesk-help-center plugin before 1.0.5 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18553 | 1 Ad Buttons Project | 1 Ad Buttons | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ad-buttons plugin before 2.3.2 for WordPress has XSS. | |||||
| CVE-2017-18565 | 1 Bestwebsoft | 1 Updater | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The updater plugin before 1.35 for WordPress has multiple XSS issues. | |||||
| CVE-2019-15110 | 1 Wp Front End Profile Project | 1 Wp Front End Profile | 2019-08-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-front-end-profile plugin before 0.2.2 for WordPress has XSS. | |||||
| CVE-2019-14796 | 1 Mq-woocommerce-products-price-bulk-edit Project | 1 Mq-woocommerce-products-price-bulk-edit | 2019-08-20 | 3.5 LOW | 5.4 MEDIUM |
| The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter. | |||||
| CVE-2019-14789 | 1 Custom 404 Pro Project | 1 Custom 404 Pro | 2019-08-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter. | |||||
| CVE-2019-14784 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2019-08-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. | |||||
| CVE-2019-1203 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2019-08-20 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | |||||
| CVE-2016-10864 | 1 Netgear | 2 Ex7000, Ex7000 Firmware | 2019-08-19 | 2.9 LOW | 5.2 MEDIUM |
| NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. | |||||
| CVE-2019-14974 | 1 Sugarcrm | 1 Sugarcrm | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS. | |||||
| CVE-2018-1000416 | 1 Jobconfighistory Project | 1 Jobconfighistory | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access. | |||||
| CVE-2016-10880 | 1 Google Doc Embedder Project | 1 Google Doc Embedder | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The google-document-embedder plugin before 2.6.1 for WordPress has XSS. | |||||
| CVE-2016-10881 | 1 Google Doc Embedder Project | 1 Google Doc Embedder | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The google-document-embedder plugin before 2.6.2 for WordPress has XSS. | |||||
| CVE-2019-0332 | 1 Sap | 1 Businessobjects Business Intelligence | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-5712 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. | |||||
| CVE-2018-17082 | 3 Debian, Netapp, Php | 3 Debian Linux, Storage Automation Store, Php | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. | |||||
| CVE-2018-10547 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. | |||||
| CVE-2018-9997 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets. | |||||
| CVE-2015-9306 | 1 Smackcoders | 1 Ultimate Csv Importer | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS. | |||||
| CVE-2015-9303 | 1 Simplesharebuttons | 1 Simple Share Buttons Adder | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS. | |||||
| CVE-2017-18506 | 1 Wpovernight | 1 Woocommerce Pdf Invoices & Packing Slips | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens. | |||||
| CVE-2017-18500 | 1 Bestwebsoft | 1 Social Buttons Pack | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. | |||||
| CVE-2015-9314 | 1 Newstatpress Project | 1 Newstatpress | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header. | |||||
| CVE-2015-9312 | 1 Newstatpress Project | 1 Newstatpress | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element. | |||||
