Total: 20468 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15228 | 1 Thedaylightstudio | 1 Fuel Cms | 2019-08-26 | 3.5 LOW | 5.4 MEDIUM |
| FUEL CMS 1.4.4 has XSS in the Create Blocks section of the Admin console. This could lead to cookie stealing and other malicious actions. This vulnerability can be exploited with an authenticated account but can also impact unauthenticated visitors. | |||||
| CVE-2013-7481 | 1 Bestwebsoft | 1 Contact Form | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. | |||||
| CVE-2019-14469 | 1 Sonatype | 1 Nexus Repository Manager | 2019-08-26 | 3.5 LOW | 5.4 MEDIUM |
| In Nexus Repository Manager before 3.18.0, users with elevated privileges can create stored XSS. | |||||
| CVE-2013-7479 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field. | |||||
| CVE-2013-7480 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas. | |||||
| CVE-2013-7478 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post. | |||||
| CVE-2013-7477 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form. | |||||
| CVE-2012-6716 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links. | |||||
| CVE-2015-9320 | 1 Optiontree Project | 1 Optiontree | 2019-08-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg. | |||||
| CVE-2017-18508 | 1 Wp-livechat | 1 Wp Live Chat Support | 2019-08-25 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS. | |||||
| CVE-2017-1000227 | 1 Parallelus | 1 Salutation | 2019-08-24 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can. | |||||
| CVE-2019-11522 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-08-23 | 3.5 LOW | 5.4 MEDIUM |
| OX App Suite 7.10.0 to 7.10.2 allows XSS. | |||||
| CVE-2017-18577 | 1 Ibericode | 1 Mailchimp | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg. | |||||
| CVE-2017-18576 | 1 Event Notifier Project | 1 Event Notifier | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation. | |||||
| CVE-2017-18581 | 1 Time Sheets Project | 1 Time Sheets | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list. | |||||
| CVE-2008-7321 | 1 Tubepress | 1 Tubepress | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The tubepress plugin before 1.6.5 for WordPress has XSS. | |||||
| CVE-2017-18564 | 1 Bestwebsoft | 1 Sender | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The sender plugin before 1.2.1 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18563 | 1 Swimordiesoftware | 1 Rsvp | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen. | |||||
| CVE-2015-9327 | 1 Flickr Justified Gallery Project | 1 Flickr Justified Gallery | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS. | |||||
| CVE-2014-10392 | 1 Cformsii Project | 1 Cformsii | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cforms2 plugin before 10.2 for WordPress has XSS. | |||||
| CVE-2014-10393 | 1 Cformsii Project | 1 Cformsii | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The cforms2 plugin before 10.5 for WordPress has XSS. | |||||
| CVE-2017-18578 | 1 Crafty Social Buttons Project | 1 Crafty Social Buttons | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS. | |||||
| CVE-2019-15328 | 1 Codection | 1 Import Users From Csv With Meta | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. | |||||
| CVE-2019-15327 | 1 Codection | 1 Import Users From Csv With Meta | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. | |||||
| CVE-2017-18534 | 1 Share On Diaspora Project | 1 Share On Diaspora | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The share-on-diaspora plugin before 0.7.2 for WordPress has reflected XSS in share URL parameters. | |||||
| CVE-2019-15127 | 1 Vanderbilt | 1 Redcap | 2019-08-23 | 3.5 LOW | 5.4 MEDIUM |
| REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file. | |||||
| CVE-2018-13137 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-23 | 3.5 LOW | 4.8 MEDIUM |
| The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI. | |||||
| CVE-2019-14799 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. | |||||
| CVE-2019-15112 | 1 Wp-slimstat | 1 Slimstat Analytics | 2019-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-slimstat plugin before 4.8.1 for WordPress has XSS. | |||||
| CVE-2019-0334 | 1 Sap | 1 Businessobjects Business Intelligence | 2019-08-22 | 4.9 MEDIUM | 5.4 MEDIUM |
| When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting. | |||||
| CVE-2019-13588 | 1 Wikindx Project | 1 Wikindx | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter. | |||||
| CVE-2016-10898 | 1 Fabrix | 1 Total Security | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The total-security plugin before 3.4.1 for WordPress has XSS. | |||||
| CVE-2016-10911 | 1 Cozmoslabs | 1 Profile Builder | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues. | |||||
| CVE-2016-10910 | 1 Formbuilder Project | 1 Formbuilder | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The formbuilder plugin before 1.06 for WordPress has multiple XSS issues. | |||||
| CVE-2015-9328 | 1 Cozmoslabs | 1 Profile Builder | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The profile-builder plugin before 2.2.5 for WordPress has XSS. | |||||
| CVE-2012-6715 | 1 Formbuilder Project | 1 Formbuilder | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header. | |||||
| CVE-2012-6714 | 1 Count Per Day Project | 1 Count Per Day | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The count-per-day plugin before 3.2.3 for WordPress has XSS via search words. | |||||
| CVE-2014-10380 | 1 Cozmoslabs | 1 Profile Builder | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms. | |||||
| CVE-2016-10912 | 1 Matchboxdesigngroup | 1 Universal Analytics | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The universal-analytics plugin before 1.3.1 for WordPress has XSS. | |||||
| CVE-2017-18516 | 1 Bestwebsoft | 1 Linkedin | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18522 | 1 Eelv Newsletter Project | 1 Eelv Newsletter | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The eelv-newsletter plugin before 4.6.1 for WordPress has XSS in the address book. | |||||
| CVE-2017-18524 | 1 Football Pool Project | 1 Football Pool | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The football-pool plugin before 2.6.5 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18529 | 1 Bestwebsoft | 1 Promobar | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The promobar plugin before 1.1.1 for WordPress has multiple XSS issues. | |||||
| CVE-2019-3965 | 1 Open-emr | 1 Openemr | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the document_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session. | |||||
| CVE-2017-18519 | 1 Marvinlabs | 1 Wp Customer Area | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The customer-area plugin before 7.4.3 for WordPress has XSS via admin pages. | |||||
| CVE-2017-18562 | 1 Bestwebsoft | 1 Error Log Viewer | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The error-log-viewer plugin before 1.0.6 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18561 | 1 Embed Images In Comments Project | 1 Embed Images In Comments | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The embed-comment-images plugin before 0.6 for WordPress has XSS. | |||||
| CVE-2018-20970 | 1 Bestwebsoft | 1 Pdf & Print | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The pdf-print plugin before 2.0.3 for WordPress has multiple XSS issues. | |||||
| CVE-2014-10378 | 1 Duplicate Post Project | 1 Duplicate Post | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The duplicate-post plugin before 2.6 for WordPress has XSS. | |||||
| CVE-2017-18535 | 1 Smokesignal Project | 1 Smokesignal | 2019-08-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| The smokesignal plugin before 1.2.7 for WordPress has XSS. | |||||
