Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14789 | 1 Custom 404 Pro Project | 1 Custom 404 Pro | 2019-08-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter. | |||||
| CVE-2019-14784 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2019-08-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. | |||||
| CVE-2019-1203 | 1 Microsoft | 2 Sharepoint Enterprise Server, Sharepoint Server | 2019-08-20 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'. | |||||
| CVE-2016-10864 | 1 Netgear | 2 Ex7000, Ex7000 Firmware | 2019-08-19 | 2.9 LOW | 5.2 MEDIUM |
| NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. | |||||
| CVE-2019-14974 | 1 Sugarcrm | 1 Sugarcrm | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS. | |||||
| CVE-2018-1000416 | 1 Jobconfighistory Project | 1 Jobconfighistory | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access. | |||||
| CVE-2016-10880 | 1 Google Doc Embedder Project | 1 Google Doc Embedder | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The google-document-embedder plugin before 2.6.1 for WordPress has XSS. | |||||
| CVE-2016-10881 | 1 Google Doc Embedder Project | 1 Google Doc Embedder | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The google-document-embedder plugin before 2.6.2 for WordPress has XSS. | |||||
| CVE-2019-0332 | 1 Sap | 1 Businessobjects Business Intelligence | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-17082 | 3 Debian, Netapp, Php | 3 Debian Linux, Storage Automation Store, Php | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. | |||||
| CVE-2018-5712 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. | |||||
| CVE-2018-10547 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. | |||||
| CVE-2018-9997 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets. | |||||
| CVE-2015-9306 | 1 Smackcoders | 1 Ultimate Csv Importer | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS. | |||||
| CVE-2015-9303 | 1 Simplesharebuttons | 1 Simple Share Buttons Adder | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS. | |||||
| CVE-2017-18506 | 1 Wpovernight | 1 Woocommerce Pdf Invoices & Packing Slips | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens. | |||||
| CVE-2017-18500 | 1 Bestwebsoft | 1 Social Buttons Pack | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. | |||||
| CVE-2015-9314 | 1 Newstatpress Project | 1 Newstatpress | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header. | |||||
| CVE-2015-9312 | 1 Newstatpress Project | 1 Newstatpress | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element. | |||||
| CVE-2015-9311 | 1 Newstatpress Project | 1 Newstatpress | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The newstatpress plugin before 1.0.6 for WordPress has reflected XSS. | |||||
| CVE-2017-18502 | 1 Bestwebsoft | 1 Subscriber | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18503 | 1 Wpdeveloper | 1 Twitter Cards Meta | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The twitter-cards-meta plugin before 2.5.0 for WordPress has XSS. | |||||
| CVE-2017-18501 | 1 Bestwebsoft | 1 Social Login | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. | |||||
| CVE-2019-5403 | 1 Hp | 1 3par Storeserv Management Console | 2019-08-16 | 3.5 LOW | 4.8 MEDIUM |
| A remote multiple cross-site scripting vulnerability was discovered in HPE 3PAR StoreServ Management and Core Software Media version(s): prior to 3.5.0.1. | |||||
| CVE-2017-18505 | 1 Bestwebsoft | 1 Twitter Button | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The twitter-plugin plugin before 2.55 for WordPress has XSS. | |||||
| CVE-2019-14770 | 1 Backdropcms | 1 Backdrop Core | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. (This issue is mitigated by the attacker needing permissions to create administrative menu links, such as by creating a content type or layout. Such permissions are usually restricted to trusted or administrative users.) | |||||
| CVE-2019-5398 | 1 Hp | 2 3par Service Processor, 3par Service Processor Firmware | 2019-08-16 | 3.5 LOW | 5.4 MEDIUM |
| A remote multiple cross-site vulnerability was discovered in HPE 3PAR Service Processor version(s): prior to 5.0.5.1. | |||||
| CVE-2017-18493 | 1 Bestwebsoft | 1 Custom Admin Page | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues. | |||||
| CVE-2012-6713 | 1 Wp-jobmanager | 1 Job Manager | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The job-manager plugin before 0.7.19 for WordPress has multiple XSS issues. | |||||
| CVE-2015-9296 | 1 Never5 | 1 Download Monitor | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg. | |||||
| CVE-2017-18492 | 1 Bestwebsoft | 1 Contact Form To Db | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-to-db plugin before 1.5.7 for WordPress has multiple XSS issues. | |||||
| CVE-2015-9293 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. | |||||
| CVE-2013-7475 | 1 Bestwebsoft | 1 Contact Form | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-plugin plugin before 3.52 for WordPress has XSS. | |||||
| CVE-2015-9294 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. | |||||
| CVE-2015-9295 | 1 Bestwebsoft | 1 Contact Form | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-plugin plugin before 3.96 for WordPress has XSS. | |||||
| CVE-2015-9300 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues. | |||||
| CVE-2015-9299 | 1 Wp-events-plugin | 1 Events Manager | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS. | |||||
| CVE-2016-10868 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages. | |||||
| CVE-2016-10870 | 1 Gtranslate | 1 Google Language Translator | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The google-language-translator plugin before 5.0.06 for WordPress has XSS. | |||||
| CVE-2016-10869 | 1 Bestwebsoft | 1 Contact Form | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-plugin plugin before 4.0.2 for WordPress has XSS. | |||||
| CVE-2017-18489 | 1 Mediaburst | 1 Contact Form 7 - Clockwork Sms | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-7-sms-addon plugin before 2.4.0 for WordPress has XSS. | |||||
| CVE-2016-10871 | 1 Ibericode | 1 Mailchimp | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mailchimp-for-wp plugin before 4.0.11 for WordPress has XSS on the integration settings page. | |||||
| CVE-2017-18490 | 1 Bestwebsoft | 1 Contact Form Multi | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-multi plugin before 1.2.1 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18491 | 1 Bestwebsoft | 1 Contact Form | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-plugin plugin before 4.0.6 for WordPress has multiple XSS issues. | |||||
| CVE-2019-14987 | 1 Schben | 1 Framework | 2019-08-15 | 3.5 LOW | 4.8 MEDIUM |
| Adive Framework through 2.0.7 is affected by XSS in the Create New Table and Create New Navigation Link functions. | |||||
| CVE-2018-20962 | 1 Backpackforlaravel | 1 Backpack\crud | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type. | |||||
| CVE-2018-20966 | 1 Booster | 1 Booster For Woocommerce | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature. | |||||
| CVE-2018-14951 | 1 Squirrelmail | 1 Squirrelmail | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<form action='data:text" attack. | |||||
| CVE-2018-14955 | 1 Squirrelmail | 1 Squirrelmail | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via SVG animations (animate to attribute). | |||||
| CVE-2018-14952 | 1 Squirrelmail | 1 Squirrelmail | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM |
| The mail message display page in SquirrelMail through 1.4.22 has XSS via a "<math><maction xlink:href=" attack. | |||||
