Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9336 | 1 Codection | 1 Clean Login | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The clean-login plugin before 1.5.1 for WordPress has reflected XSS. | |||||
| CVE-2019-15228 | 1 Thedaylightstudio | 1 Fuel Cms | 2019-08-26 | 3.5 LOW | 5.4 MEDIUM |
| FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors. | |||||
| CVE-2013-7481 | 1 Bestwebsoft | 1 Contact Form | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. | |||||
| CVE-2009-5158 | 1 Sumo | 1 Google Analyticator | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The google-analyticator plugin before 5.2.1 for WordPress has insufficient HTML sanitization for Google Analytics API text. | |||||
| CVE-2019-14469 | 1 Sonatype | 1 Nexus Repository Manager | 2019-08-26 | 3.5 LOW | 5.4 MEDIUM |
| In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS. | |||||
| CVE-2013-7479 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field. | |||||
| CVE-2013-7480 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas. | |||||
| CVE-2013-7478 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post. | |||||
| CVE-2013-7477 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form. | |||||
| CVE-2012-6716 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links. | |||||
| CVE-2019-9648 | 1 Coreftp | 1 Core Ftp | 2019-08-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. A directory traversal vulnerability exists using the SIZE command along with a \..\..\ substring, allowing an attacker to enumerate file existence based on the returned information. | |||||
| CVE-2019-9649 | 1 Coreftp | 1 Core Ftp | 2019-08-26 | 5.0 MEDIUM | 5.3 MEDIUM |
| An issue was discovered in the SFTP Server component in Core FTP 2.0 Build 674. Using the MDTM FTP command, a remote attacker can use a directory traversal technique (..\..\) to browse outside the root directory to determine the existence of a file on the operating system, and its last modified date. | |||||
| CVE-2015-9320 | 1 Optiontree Project | 1 Optiontree | 2019-08-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg. | |||||
| CVE-2017-18508 | 1 Wp-livechat | 1 Wp Live Chat Support | 2019-08-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS. | |||||
| CVE-2017-1000227 | 1 Parallelus | 1 Salutation | 2019-08-24 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can | |||||
| CVE-2019-11522 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-08-23 | 3.5 LOW | 5.4 MEDIUM |
| OX App Suite 7.10.0 to 7.10.2 allows XSS. | |||||
| CVE-2017-18577 | 1 Ibericode | 1 Mailchimp | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg. | |||||
| CVE-2017-18576 | 1 Event Notifier Project | 1 Event Notifier | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation. | |||||
| CVE-2017-18581 | 1 Time Sheets Project | 1 Time Sheets | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list. | |||||
| CVE-2008-7321 | 1 Tubepress | 1 Tubepress | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The tubepress plugin before 1.6.5 for WordPress has XSS. | |||||
| CVE-2017-18564 | 1 Bestwebsoft | 1 Sender | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The sender plugin before 1.2.1 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18563 | 1 Swimordiesoftware | 1 Rsvp | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen. | |||||
| CVE-2015-9327 | 1 Flickr Justified Gallery Project | 1 Flickr Justified Gallery | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS. | |||||
| CVE-2016-10929 | 1 Advanced Ajax Page Loader Project | 1 Advanced Ajax Page Loader | 2019-08-23 | 5.0 MEDIUM | 5.3 MEDIUM |
| The advanced-ajax-page-loader plugin before 2.7.7 for WordPress has no protection against the reading of uploaded files when not logged in. | |||||
| CVE-2014-10392 | 1 Cformsii Project | 1 Cformsii | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cforms2 plugin before 10.2 for WordPress has XSS. | |||||
| CVE-2014-10393 | 1 Cformsii Project | 1 Cformsii | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cforms2 plugin before 10.5 for WordPress has XSS. | |||||
| CVE-2017-18578 | 1 Crafty Social Buttons Project | 1 Crafty Social Buttons | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS. | |||||
| CVE-2019-15328 | 1 Codection | 1 Import Users From Csv With Meta | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. | |||||
| CVE-2019-15327 | 1 Codection | 1 Import Users From Csv With Meta | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. | |||||
| CVE-2017-18534 | 1 Share On Diaspora Project | 1 Share On Diaspora | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The share-on-diaspora plugin before 0.7.2 for WordPress has reflected XSS in share URL parameters. | |||||
| CVE-2019-15127 | 1 Vanderbilt | 1 Redcap | 2019-08-23 | 3.5 LOW | 5.4 MEDIUM |
| REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file. | |||||
| CVE-2017-18550 | 1 Linux | 1 Linux Kernel | 2019-08-23 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_get_hba_info does not initialize the hbainfo structure. | |||||
| CVE-2017-18549 | 1 Linux | 1 Linux Kernel | 2019-08-23 | 2.1 LOW | 5.5 MEDIUM |
| An issue was discovered in drivers/scsi/aacraid/commctrl.c in the Linux kernel before 4.13. There is potential exposure of kernel stack memory because aac_send_raw_srb does not initialize the reply structure. | |||||
| CVE-2018-13137 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-23 | 3.5 LOW | 4.8 MEDIUM |
| The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI. | |||||
| CVE-2019-15112 | 1 Wp-slimstat | 1 Slimstat Analytics | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-slimstat plugin before 4.8.1 for WordPress has XSS. | |||||
| CVE-2019-14799 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. | |||||
| CVE-2019-0334 | 1 Sap | 1 Businessobjects Business Intelligence | 2019-08-22 | 4.9 MEDIUM | 5.4 MEDIUM |
| When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting. | |||||
| CVE-2019-2129 | 1 Google | 1 Android | 2019-08-22 | 4.3 MEDIUM | 6.5 MEDIUM |
| In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation. Product: Android. Versions: Android-7.0 Android-7.1.1 Android-7.1.2 Android-8.0 Android-8.1 Android-9. Android ID: A-124781927. | |||||
| CVE-2019-13588 | 1 Wikindx Project | 1 Wikindx | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter. | |||||
| CVE-2016-10911 | 1 Cozmoslabs | 1 Profile Builder | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues. | |||||
| CVE-2016-10910 | 1 Formbuilder Project | 1 Formbuilder | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The formbuilder plugin before 1.06 for WordPress has multiple XSS issues. | |||||
| CVE-2015-9328 | 1 Cozmoslabs | 1 Profile Builder | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The profile-builder plugin before 2.2.5 for WordPress has XSS. | |||||
| CVE-2014-10380 | 1 Cozmoslabs | 1 Profile Builder | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms. | |||||
| CVE-2012-6714 | 1 Count Per Day Project | 1 Count Per Day | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The count-per-day plugin before 3.2.3 for WordPress has XSS via search words. | |||||
| CVE-2012-6715 | 1 Formbuilder Project | 1 Formbuilder | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header. | |||||
| CVE-2016-10899 | 1 Fabrix | 1 Total Security | 2019-08-22 | 5.0 MEDIUM | 5.3 MEDIUM |
| The total-security plugin before 3.4.1 for WordPress has a settings-change vulnerability. | |||||
| CVE-2016-10898 | 1 Fabrix | 1 Total Security | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The total-security plugin before 3.4.1 for WordPress has XSS. | |||||
| CVE-2016-10912 | 1 Matchboxdesigngroup | 1 Universal Analytics | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The universal-analytics plugin before 1.3.1 for WordPress has XSS. | |||||
| CVE-2017-18516 | 1 Bestwebsoft | 1 Linkedin | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18522 | 1 Eelv Newsletter Project | 1 Eelv Newsletter | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the address book. | |||||