Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9391 | 1 Ostenta | 1 Yawpp | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter. | |||||
| CVE-2015-9386 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation. | |||||
| CVE-2015-9396 | 1 Attosoft | 1 Auto Thickbox Plus | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The auto-thickbox-plus plugin through 1.9 for WordPress has wp-content/plugins/auto-thickbox-plus/download.min.php?file= XSS. | |||||
| CVE-2019-15086 | 1 Prise | 1 Adas | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message. | |||||
| CVE-2015-9407 | 1 Cyberseo | 1 Xpinner Lite | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS. | |||||
| CVE-2015-9393 | 1 Usersultra | 1 Users Ultra Membership | 2019-09-20 | 3.5 LOW | 5.4 MEDIUM |
| The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter. | |||||
| CVE-2015-9392 | 1 Usersultra | 1 Users Ultra Membership | 2019-09-20 | 3.5 LOW | 5.4 MEDIUM |
| The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter. | |||||
| CVE-2016-10999 | 1 Momizat | 1 Goodnews | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter. | |||||
| CVE-2016-11013 | 1 Agentevolution | 1 Impress Listings | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. | |||||
| CVE-2016-11012 | 1 Solaplugins | 1 Sola Support Tickets | 2019-09-20 | 3.5 LOW | 5.4 MEDIUM |
| The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. | |||||
| CVE-2015-9389 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2019-09-20 | 3.5 LOW | 5.4 MEDIUM |
| The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name. | |||||
| CVE-2015-9384 | 1 Bestwebsoft | 1 Relevant | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The relevant plugin before 1.0.8 for WordPress has XSS. | |||||
| CVE-2016-11005 | 1 Elfsight | 1 Instalinker | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. | |||||
| CVE-2016-11001 | 1 Plugin-planet | 1 User Submitted Posts | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. | |||||
| CVE-2016-10998 | 1 Ocimscripts | 1 Ocim-mp3 | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS. | |||||
| CVE-2019-16525 | 1 Checklist | 1 Checklist | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code. | |||||
| CVE-2018-18660 | 1 Arcserve | 1 Udp | 2019-09-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue. | |||||
| CVE-2019-16333 | 1 Get-simple | 1 Getsimple Cms | 2019-09-19 | 3.5 LOW | 5.4 MEDIUM |
| GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php. | |||||
| CVE-2016-10992 | 1 Codepeople | 1 Music Store | 2019-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter. | |||||
| CVE-2019-16216 | 1 Zulip | 1 Zulip Server | 2019-09-18 | 3.5 LOW | 5.4 MEDIUM |
| Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for Content-Security-Policy such as Internet Explorer 11. On a Zulip server using the S3 uploads backend, the attack is confined to the origin of the configured S3 uploads hostname and cannot reach the Zulip server itself. | |||||
| CVE-2016-10976 | 1 Kodebyraaet | 1 Safe Editor | 2019-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS. | |||||
| CVE-2019-15848 | 1 Jetbrains | 1 Teamcity | 2019-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user. | |||||
| CVE-2019-16321 | 1 Scadabr | 1 Scadabr | 2019-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO. | |||||
| CVE-2018-13136 | 1 Ultimatemember | 1 Ultimate Member | 2019-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Ultimate Member (aka ultimatemember) plugin before 2.0.18 for WordPress has XSS via the wp-admin settings screen. | |||||
| CVE-2016-10990 | 1 Wpcerber | 1 Cerber Security Antispam & Malware Scan | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-cerber plugin before 2.7 for WordPress has XSS via the X-Forwarded-For HTTP header. | |||||
| CVE-2016-10975 | 1 Tonjoostudio | 1 Fluid-responsive-slideshow | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter. | |||||
| CVE-2016-10985 | 1 Smackcoders | 1 Echo Sign | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The echosign plugin before 1.2 for WordPress has XSS via the templates/add_templates.php id parameter. | |||||
| CVE-2019-16197 | 1 Dolibarr | 1 Dolibarr | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS. | |||||
| CVE-2016-10988 | 1 Leenk | 1 Leenk.me | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The leenkme plugin before 2.6.0 for WordPress has stored XSS via facebook_message, facebook_linkname, facebook_caption, facebook_description, default_image, or _wp_http_referer. | |||||
| CVE-2016-10986 | 1 Nerdcow | 1 Tweet Wheel | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The tweet-wheel plugin before 1.0.3.3 for WordPress has XSS via consumer_key, consumer_secret, access_token, and access_token_secret. | |||||
| CVE-2016-10984 | 1 Smackcoders | 1 Echo Sign | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The echosign plugin before 1.2 for WordPress has XSS via the inc.php page parameter. | |||||
| CVE-2016-10981 | 1 Kentothemes | 1 Kento-post-view-counter | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The kento-post-view-counter plugin through 2.8 for WordPress has stored XSS via kento_pvc_numbers_lang, kento_pvc_today_text, or kento_pvc_total_text. | |||||
| CVE-2016-10987 | 1 Woocommerce | 1 Persian Woocommerce Sms | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The persian-woocommerce-sms plugin before 3.3.4 for WordPress has ps_sms_numbers XSS. | |||||
| CVE-2016-10979 | 1 Fossura | 1 Tag Miner | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS. | |||||
| CVE-2016-10980 | 1 Kentothemes | 1 Kento-post-view-counter | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The kento-post-view-counter plugin through 2.8 for WordPress has XSS via kento_pvc_geo. | |||||
| CVE-2018-7547 | 1 Lingyun | 1 Lyadmin | 2019-09-17 | 3.5 LOW | 4.8 MEDIUM |
| lyadmin 1.x has XSS via the config[WEB_SITE_TITLE] parameter to the /admin.php?s=/admin/config/groupsave.html URI. | |||||
| CVE-2019-15950 | 1 Redmineup | 1 Crm | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data. | |||||
| CVE-2019-15739 | 1 Gitlab | 1 Gitlab | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads. | |||||
| CVE-2016-10957 | 1 Akal Project | 1 Akal | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter. | |||||
| CVE-2016-10964 | 1 Findshorty | 1 Dwnldr | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header. | |||||
| CVE-2016-10967 | 1 Creativeinteractivemedia | 1 Real3d Flipbook | 2019-09-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter. | |||||
| CVE-2016-10969 | 1 Supportflow Project | 1 Supportflow | 2019-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title. | |||||
| CVE-2016-10973 | 1 Brafton | 1 Brafton | 2019-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php. | |||||
| CVE-2016-10970 | 1 Supportflow Project | 1 Supportflow | 2019-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt. | |||||
| CVE-2019-8368 | 1 Open-emr | 1 Openemr | 2019-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenEMR v5.0.1-6 allows XSS. | |||||
| CVE-2019-8444 | 1 Atlassian | 1 Jira | 2019-09-16 | 3.5 LOW | 5.4 MEDIUM |
| The wikirenderer component in Jira before version 7.13.6, and from version 8.0.0 before version 8.3.2 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability in image attribute specification. | |||||
| CVE-2019-16334 | 1 Bludit | 1 Bludit | 2019-09-16 | 3.5 LOW | 4.8 MEDIUM |
| In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636. | |||||
| CVE-2019-5985 | 2 Ntt-east, Ntt-west | 92 Pr-400ki, Pr-400ki Firmware, Pr-400mi and 89 more | 2019-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-6003 | 1 Ec-cube | 1 Amazon Pay | 2019-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2019-16312 | 1 S-cms | 1 S-cms | 2019-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. | |||||
