National Vulnerability Database

Search Results

There are 122,683 matching records.
Displaying matches 281 through 300.
Vuln ID Summary CVSS Severity
CVE-2019-16202

MISP before 2.4.115 allows privilege escalation in certain situations. After updating to 2.4.115, escalation attempts are blocked by the __checkLoggedActions function with a "This could be an indication of an attempted privilege escalation on older vulnerable versions of MISP (<2.4.115)" message.

Published: September 10, 2019; 10:15:10 AM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2017-18611

The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-field-css parameter.

Published: September 10, 2019; 08:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18610

The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWP_CreateCustomFieldPage.php custom-group-id parameter.

Published: September 10, 2019; 08:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18609

The magic-fields plugin before 1.7.2 for WordPress has XSS via the custom-write-panel-id parameter.

Published: September 10, 2019; 08:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18608

The spotim-comments plugin before 4.0.4 for WordPress has multiple XSS issues.

Published: September 10, 2019; 08:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18607

The avada theme before 5.1.5 for WordPress has CSRF.

Published: September 10, 2019; 08:15:11 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.8 MEDIUM
CVE-2017-18606

The avada theme before 5.1.5 for WordPress has stored XSS.

Published: September 10, 2019; 08:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18605

The gravitate-qa-tracker plugin through 1.2.1 for WordPress has PHP Object Injection.

Published: September 10, 2019; 08:15:11 AM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH
CVE-2017-18604

The sitebuilder-dynamic-components plugin through 1.0 for WordPress has PHP object injection via an AJAX request.

Published: September 10, 2019; 08:15:10 AM -04:00
V3.1: 7.5 HIGH
    V2: 5.0 MEDIUM
CVE-2017-18603

The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter.

Published: September 10, 2019; 08:15:10 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18602

The examapp plugin 1.0 for WordPress has SQL injection via the wp-admin/admin.php?page=examapp_UserResult id parameter.

Published: September 10, 2019; 08:15:10 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2017-18601

The examapp plugin 1.0 for WordPress has XSS via exam input text fields.

Published: September 10, 2019; 08:15:10 AM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2017-18600

The formcraft3 plugin before 3.4 for WordPress has stored XSS via the "New Form > Heading > Heading Text" field.

Published: September 10, 2019; 08:15:10 AM -04:00
V3.1: 5.4 MEDIUM
    V2: 3.5 LOW
CVE-2017-18599

The Pinfinity theme before 2.0 for WordPress has XSS via the s parameter.

Published: September 10, 2019; 07:15:11 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18598

The Qards plugin through 2017-10-11 for WordPress has XSS via a remote document specified in the url parameter to html2canvasproxy.php.

Published: September 10, 2019; 07:15:10 AM -04:00
V3.1: 6.1 MEDIUM
    V2: 4.3 MEDIUM
CVE-2017-18597

The jtrt-responsive-tables plugin before 4.1.2 for WordPress has SQL Injection via the admin/class-jtrt-responsive-tables-admin.php tableId parameter.

Published: September 10, 2019; 07:15:10 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2017-18596

The elementor plugin before 1.8.0 for WordPress has incorrect access control for internal functions.

Published: September 10, 2019; 07:15:10 AM -04:00
V3.1: 8.8 HIGH
    V2: 6.5 MEDIUM
CVE-2019-7176

An issue was discovered in GitLab Community and Enterprise Edition 8.x (starting in 8.9), 9.x, 10.x, and 11.x before 11.5.9, 11.6.x before 11.6.7, and 11.7.x before 11.7.2. It has Incorrect Access Control. Guest users are able to add reaction emojis on comments to which they have no visibility.

Published: September 09, 2019; 05:15:12 PM -04:00
V3.1: 3.7 LOW
    V2: 4.3 MEDIUM
CVE-2019-6791

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It has Incorrect Access Control (issue 3 of 3). When a project with visibility more permissive than the target group is imported, it will retain its prior visibility.

Published: September 09, 2019; 05:15:12 PM -04:00
V3.1: 6.5 MEDIUM
    V2: 4.0 MEDIUM
CVE-2019-16192

upload_model() in /admini/controllers/system/managemodel.php in DocCms 2016.5.17 allows remote attackers to execute arbitrary PHP code through module management files, as demonstrated by a .php file in a ZIP archive.

Published: September 09, 2019; 05:15:12 PM -04:00
V3.1: 9.8 CRITICAL
    V2: 7.5 HIGH