Total: 46623 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-18493 | 1 Bestwebsoft | 1 Custom Admin Page | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues. | |||||
| CVE-2012-6713 | 1 Wp-jobmanager | 1 Job Manager | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues. | |||||
| CVE-2015-9296 | 1 Never5 | 1 Download Monitor | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg. | |||||
| CVE-2017-18492 | 1 Bestwebsoft | 1 Contact Form To Db | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues. | |||||
| CVE-2015-9293 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. | |||||
| CVE-2013-7475 | 1 Bestwebsoft | 1 Contact Form | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-plugin plugin before 3.52 for WordPress has XSS. | |||||
| CVE-2015-9294 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. | |||||
| CVE-2015-9295 | 1 Bestwebsoft | 1 Contact Form | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-plugin plugin before 3.96 for WordPress has XSS. | |||||
| CVE-2015-9300 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues. | |||||
| CVE-2015-9299 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS. | |||||
| CVE-2016-10868 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages. | |||||
| CVE-2016-10870 | 1 Gtranslate | 1 Google Language Translator | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The google-language-translator plugin before 5.0.06 for WordPress has XSS. | |||||
| CVE-2016-10869 | 1 Bestwebsoft | 1 Contact Form | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-plugin plugin before 4.0.2 for WordPress has XSS. | |||||
| CVE-2016-10871 | 1 Ibericode | 1 Mailchimp | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the integration settings page. | |||||
| CVE-2017-18489 | 1 Mediaburst | 1 Contact Form 7 - Clockwork Sms | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-7-sms-addon plugin before 2.4.0 for WordPress has XSS. | |||||
| CVE-2017-18490 | 1 Bestwebsoft | 1 Contact Form Multi | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18491 | 1 Bestwebsoft | 1 Contact Form | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues. | |||||
| CVE-2019-14987 | 1 Schben | 1 Framework | 2019-08-15 | 3.5 LOW | 4.8 MEDIUM |
| Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions. | |||||
| CVE-2018-20962 | 1 Backpackforlaravel | 1 Backpack\crud | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type. | |||||
| CVE-2018-20966 | 1 Booster | 1 Booster For Woocommerce | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature. | |||||
| CVE-2018-14951 | 1 Squirrelmail | 1 Squirrelmail | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. | |||||
| CVE-2018-14954 | 1 Squirrelmail | 1 Squirrelmail | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via the formaction attribute. | |||||
| CVE-2018-14955 | 1 Squirrelmail | 1 Squirrelmail | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). | |||||
| CVE-2018-14950 | 1 Squirrelmail | 1 Squirrelmail | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<svg><a xlink:href=" attack. | |||||
| CVE-2018-14953 | 1 Squirrelmail | 1 Squirrelmail | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math xlink:href=" attack. | |||||
| CVE-2018-14952 | 1 Squirrelmail | 1 Squirrelmail | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. | |||||
| CVE-2019-14976 | 1 Icmsdev | 1 Icms | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| iCMS 7.0.15 allows admincp.php?app=apps XSS via the keywords parameter. | |||||
| CVE-2015-9305 | 1 Flippercode | 1 Google Map | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-google-map-plugin plugin before 2.3.7 for WordPress has XSS related to the add_query_arg() and remove_query_arg() functions. | |||||
| CVE-2019-14950 | 1 Wp-livechat | 1 Wp Live Chat Support | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-live-chat-support plugin before 8.0.27 for WordPress has XSS via the GDPR page. | |||||
| CVE-2016-10879 | 1 Wp-livechat | 1 Wp Live Chat Support | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-live-chat-support plugin before 6.2.02 for WordPress has XSS. | |||||
| CVE-2018-20958 | 1 Tapplock | 2 Tapplock, Tapplock Firmware | 2019-08-15 | 3.3 LOW | 6.5 MEDIUM |
| The Bluetooth Low Energy (BLE) subsystem on Tapplock devices before 2018-06-12 relies on Key1 and SerialNo for unlock operations; however, these are derived from the MAC address, which is broadcast by the device. | |||||
| CVE-2016-10877 | 1 Wp Editor Project | 1 Wp Editor | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-editor plugin before 1.2.6.3 for WordPress has multiple XSS issues. | |||||
| CVE-2019-14967 | 1 Frappe | 1 Frappe | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Frappe Framework 10, 11 before 11.1.46, and 12. There exists an XSS vulnerability. | |||||
| CVE-2017-18495 | 1 Mediaburst | 1 Gravity Forms | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The gravity-forms-sms-notifications plugin before 2.4.0 for WordPress has XSS. | |||||
| CVE-2019-11720 | 1 Mozilla | 1 Firefox | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Some unicode characters are incorrectly treated as whitespace during the parsing of web content instead of triggering parsing errors. This allows malicious code to then be processed, evading cross-site scripting (XSS) filtering. This vulnerability affects Firefox < 68. | |||||
| CVE-2017-14166 | 3 Canonical, Debian, Libarchive | 3 Ubuntu Linux, Debian Linux, Libarchive | 2019-08-15 | 4.3 MEDIUM | 6.5 MEDIUM |
| libarchive 3.3.2 allows remote attackers to cause a denial of service (xml_data heap-based buffer over-read and application crash) via a crafted xar archive, related to the mishandling of empty strings in the atol8 function in archive_read_support_format_xar.c. | |||||
| CVE-2019-5236 | 1 Huawei | 2 Emily-l29c, Emily-l29c Firmware | 2019-08-15 | 6.8 MEDIUM | 6.3 MEDIUM |
| Huawei smart phones Emily-L29C with versions of 8.1.0.132a(C432), 8.1.0.135(C782), 8.1.0.154(C10), 8.1.0.154(C461), 8.1.0.154(C635), 8.1.0.156(C185), 8.1.0.156(C605), 8.1.0.159(C636) have a double free vulnerability. An attacker can trick a user into clicking a URL to exploit this vulnerability. Successful exploitation may cause the affected phone to behave abnormally. | |||||
| CVE-2017-18497 | 1 W3eden | 1 Live Forms | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The liveforms plugin before 3.4.0 for WordPress has XSS. | |||||
| CVE-2017-18496 | 1 Bestwebsoft | 1 Htaccess | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18494 | 1 Bestwebsoft | 1 Custom Search | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18487 | 1 Google Adsense Project | 1 Google Adsense | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues. | |||||
| CVE-2016-10866 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18507 | 1 Wp-livechat | 1 Wp Live Chat Support | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS. | |||||
| CVE-2018-20858 | 1 Edx | 1 Recommender | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| Recommender before 2018-07-18 allows XSS. | |||||
| CVE-2018-20963 | 1 Codepeople | 1 Contact Form Email | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. | |||||
| CVE-2017-18498 | 1 Presstigers | 1 Simple Job Board | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The simple-job-board plugin before 2.4.4 for WordPress has reflected XSS via keyword search. | |||||
| CVE-2017-18488 | 1 Backup-guard | 1 Backup Guard | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues. | |||||
| CVE-2019-10352 | 1 Jenkins | 1 Jenkins | 2019-08-15 | 4.0 MEDIUM | 6.5 MEDIUM |
| A path traversal vulnerability in Jenkins 2.185 and earlier, LTS 2.176.1 and earlier in core/src/main/java/hudson/model/FileParameterValue.java allowed attackers with Job/Configure permission to define a file parameter with a file name outside the intended directory, resulting in an arbitrary file write on the Jenkins master when scheduling a build. | |||||
| CVE-2017-18485 | 1 Elementalpath | 2 Cognitoys Dino, Cognitoys Dino Firmware | 2019-08-15 | 5.8 MEDIUM | 5.4 MEDIUM |
| Cognitoys Dino devices allow profiles_add.html CSRF. | |||||
| CVE-2019-10182 | 2 Icedtea-web Project, Redhat | 6 Icedtea-web, Enterprise Linux Desktop, Enterprise Linux Server and 3 more | 2019-08-15 | 5.8 MEDIUM | 6.5 MEDIUM |
| It was found that icedtea-web through 1.7.2 and 1.8.2 did not properly sanitize paths from <jar/> elements in JNLP files. An attacker could trick a victim into running a specially crafted application and use this flaw to upload arbitrary files to arbitrary locations in the context of the user. | |||||
