National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

There are 122,992 matching records.
Displaying matches 81 through 100.
Vuln ID Summary CVSS Severity
CVE-2015-9391

The yawpp plugin through 1.2.2 for WordPress has XSS via the field1 parameter.

Published: September 20, 2019; 11:15:12 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9390

The admin-management-xtended plugin before 2.4.0.1 for WordPress has privilege escalation because wp_ajax functions are mishandled.

Published: September 20, 2019; 11:15:12 AM -04:00
(not available)
CVE-2015-9389

The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name.

Published: September 20, 2019; 11:15:12 AM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2015-9388

The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/edit.php CSRF with resultant XSS.

Published: September 20, 2019; 11:15:11 AM -04:00
(not available)
CVE-2015-9387

The mtouch-quiz plugin before 3.1.3 for WordPress has wp-admin/options-general.php CSRF.

Published: September 20, 2019; 11:15:11 AM -04:00
(not available)
CVE-2015-9386

The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via the quiz parameter during a Quiz Manage operation.

Published: September 20, 2019; 11:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9385

The quotes-and-tips plugin before 1.20 for WordPress has XSS.

Published: September 20, 2019; 11:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2015-9384

The relevant plugin before 1.0.8 for WordPress has XSS.

Published: September 20, 2019; 11:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-15089

An issue was discovered in PRiSE adAS 1.7.0. Forms have no CSRF protection, letting an attacker execute actions as the administrator.

Published: September 20, 2019; 10:15:12 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2019-15088

An issue was discovered in PRiSE adAS 1.7.0. Password hashes are compared using the equality operator. Thus, under specific circumstances, it is possible to bypass login authentication.

Published: September 20, 2019; 10:15:12 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2019-15087

An issue was discovered in PRiSE adAS 1.7.0. An authenticated user can change the function used to hash passwords to any function, leading to remote code execution.

Published: September 20, 2019; 10:15:12 AM -04:00
V3.1: 7.2 HIGH
    V2: 6.5 MEDIUM
CVE-2019-15086

An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message.

Published: September 20, 2019; 10:15:12 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2019-15085

An issue was discovered in PRiSE adAS 1.7.0. The current database password is embedded in the change password form.

Published: September 20, 2019; 10:15:12 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2019-14916

An issue was discovered in PRiSE adAS 1.7.0. A file's format is not properly checked, leading to an unrestricted file upload.

Published: September 20, 2019; 10:15:12 AM -04:00
(not available)
CVE-2019-14915

An issue was discovered in PRiSE adAS 1.7.0. Certificate data are not properly escaped. This leads to XSS when submitting a rogue certificate.

Published: September 20, 2019; 10:15:11 AM -04:00
(not available)
CVE-2019-14914

An issue was discovered in PRiSE adAS 1.7.0. The path is not properly escaped in the medatadata_del method, leading to an arbitrary file read and deletion via Directory Traversal.

Published: September 20, 2019; 10:15:11 AM -04:00
(not available)
CVE-2019-14913

An issue was discovered in PRiSE adAS 1.7.0. Log data are not properly escaped, leading to persistent XSS in the administration panel.

Published: September 20, 2019; 10:15:11 AM -04:00
(not available)
CVE-2019-14912

An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly check the goto parameter, leading to an open redirect that leaks the session cookie.

Published: September 20, 2019; 10:15:11 AM -04:00
(not available)
CVE-2019-14911

An issue was discovered in PRiSE adAS 1.7.0. The OPENSSO module does not properly escape output on error, leading to reflected XSS.

Published: September 20, 2019; 10:15:11 AM -04:00
(not available)
CVE-2019-16531

LayerBB before 1.1.4 has multiple CSRF issues, as demonstrated by changing the System Settings via admin/general.php.

Published: September 19, 2019; 10:16:13 PM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM