Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-6796 | 1 Gitlab | 1 Gitlab | 2019-09-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS. | |||||
| CVE-2019-16126 | 1 Getgrav | 1 Grav Cms | 2019-09-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images. | |||||
| CVE-2019-16130 | 1 Hgw168cc | 1 Yii-cms | 2019-09-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html. | |||||
| CVE-2019-16104 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2019-09-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO. | |||||
| CVE-2019-10677 | 1 Dasanzhone | 2 Znid Gpon 2426a Eu, Znid Gpon 2426a Eu Firmware | 2019-09-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd (name), /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg). | |||||
| CVE-2017-18559 | 1 Cformsii Project | 1 Cformsii | 2019-09-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cforms2 plugin before 14.13.3 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18499 | 1 Simple-membership-plugin | 1 Simple Membership | 2019-09-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The simple-membership plugin before 3.5.7 for WordPress has XSS. | |||||
| CVE-2018-17586 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2019-09-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_timeout_pages action. | |||||
| CVE-2018-17583 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2019-09-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action. | |||||
| CVE-2018-17585 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2019-09-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfastestcacheoptions wpFastestCachePreload_number or wpFastestCacheLanguage parameter. | |||||
| CVE-2019-13209 | 1 Rancher | 1 Rancher | 2019-09-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rancher 2 through 2.2.4 is vulnerable to a Cross-Site Websocket Hijacking attack that allows an exploiter to gain access to clusters managed by Rancher. The attack requires a victim to be logged into a Rancher server, and then to access a third-party site hosted by the exploiter. Once that is accomplished, the exploiter is able to execute commands against the cluster's Kubernetes API with the permissions and identity of the victim. | |||||
| CVE-2019-1020010 | 1 Misskey | 1 Misskey | 2019-09-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| Misskey before 10.102.4 allows hijacking a user's token. | |||||
| CVE-2019-14470 | 2 Instagram-php-api Project, Userproplugin | 2 Instagram-php-api, User Pro | 2019-09-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter. | |||||
| CVE-2019-15814 | 1 Sentrifugo | 1 Sentrifugo | 2019-09-04 | 3.5 LOW | 5.4 MEDIUM |
| Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML. | |||||
| CVE-2018-20977 | 1 Brainstormforce | 1 Schema | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page. | |||||
| CVE-2019-15109 | 1 Tri | 1 The Events Calendar | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. | |||||
| CVE-2016-10892 | 1 Kibokolabs | 1 Chained Quiz | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues. | |||||
| CVE-2019-15889 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter. | |||||
| CVE-2019-15898 | 1 Nagios | 1 Log Server | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page. | |||||
| CVE-2015-9369 | 1 Ithemes | 1 Easy Us Sales Taxes | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2019-15836 | 1 Bootstrapped | 1 Wp Ultimate Recipe | 2019-09-04 | 3.5 LOW | 5.4 MEDIUM |
| The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. | |||||
| CVE-2019-15700 | 1 Frappe | 1 Frappe | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text. | |||||
| CVE-2015-9375 | 1 Ithemes | 1 Table Rate Shipping | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Table Rate Shipping Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2019-15074 | 1 Mantisbt | 1 Mantisbt | 2019-09-04 | 6.8 MEDIUM | 9.6 CRITICAL |
| The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename. The code is executed for any user having visibility to the issue, whenever My View Page is displayed. | |||||
| CVE-2015-9373 | 1 Webdevstudios | 1 Ithemes Paypal Pro | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| PayPal Pro Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9366 | 1 Ithemes | 1 Custom Url Tracking | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Custom URL Tracking Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9370 | 1 Ithemes | 1 Invoices | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Invoices Add-on for iThemes Exchange before 1.4.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9371 | 1 Ithemes | 1 Manual Purchases | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Manual Purchases Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9372 | 1 Ithemes | 1 Membership | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Membership Add-on for iThemes Exchange before 1.3.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2019-15837 | 1 Bitwise-it | 1 Webp Express | 2019-09-03 | 3.5 LOW | 5.4 MEDIUM |
| The webp-express plugin before 0.14.8 for WordPress has stored XSS. | |||||
| CVE-2019-15777 | 1 Shapepress | 1 Wp Dsgvo Tools | 2019-09-03 | 3.5 LOW | 5.4 MEDIUM |
| The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS. | |||||
| CVE-2015-9374 | 1 Ithemes | 1 Stripe | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Stripe Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2019-15829 | 1 Greentreelabs | 1 Gallery Photoblocks | 2019-09-03 | 3.5 LOW | 4.8 MEDIUM |
| The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. | |||||
| CVE-2019-15827 | 1 Onesignal | 1 Onesignal-free-web-push-notifications | 2019-09-03 | 3.5 LOW | 5.4 MEDIUM |
| The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. | |||||
| CVE-2018-15510 | 1 Totemo | 1 Totemomail | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the 'Certificate' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2019-12754 | 1 Symantec | 1 Vip | 2019-09-03 | 3.5 LOW | 4.8 MEDIUM |
| Symantec My VIP portal, previous version which has already been auto updated, was susceptible to a cross-site scripting (XSS) exploit, which is a type of issue that can enable attackers to inject client-side scripts into web pages viewed by other users or potentially bypass access controls such as the same-origin policy. | |||||
| CVE-2018-15511 | 1 Totemo | 1 Totemomail | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the 'Notification template' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2019-15864 | 1 Holest | 1 Breadcrumbs By Menu | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS. | |||||
| CVE-2018-15512 | 1 Totemo | 1 Totemomail | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the 'Authorisation Service' feature of totemomail 6.0.0 build 570 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2019-15870 | 1 Carspot Project | 1 Carspot | 2019-09-03 | 3.5 LOW | 5.4 MEDIUM |
| The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field. | |||||
| CVE-2019-15869 | 1 Jobcareer Project | 1 Jobcareer | 2019-09-03 | 3.5 LOW | 5.4 MEDIUM |
| The JobCareer theme before 2.5.1 for WordPress has stored XSS. | |||||
| CVE-2015-9367 | 1 Ithemes | 1 Easy Canadian Sales Taxes | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Easy Canadian Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9368 | 1 Ithemes | 1 Easy Eu Value Added (vat) Taxes | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Easy EU Value Added (VAT) Taxes Add-on for iThemes Exchange before 1.2.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2019-5590 | 1 Fortinet | 1 Fortiweb | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form. | |||||
| CVE-2019-15838 | 1 Custom 404 Pro Project | 1 Custom 404 Pro | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. | |||||
| CVE-2015-9358 | 1 Feedwordpress Project | 1 Feedwordpress | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2019-15817 | 1 Realestateconnected | 1 Easy Property Listings | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The easy-property-listings plugin before 3.4 for WordPress has XSS. | |||||
| CVE-2015-9378 | 1 Ithemes | 1 Builder Theme Market | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| iThemes Builder Theme Market before 5.1.27 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
| CVE-2015-9355 | 1 Simbahosting | 1 Two-factor-authentication | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area. | |||||
| CVE-2015-9379 | 1 Ithemes | 1 Builder Style Manager | 2019-09-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg(). | |||||
