Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2018-21014 |
The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. Published: September 09, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2018-21012 |
The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. Published: September 09, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-16130 |
YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html. Published: September 08, 2019; 11:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-16104 |
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO. Published: September 08, 2019; 1:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2018-11198 |
An issue was discovered in Mautic 2.13.1. There is Stored XSS via the authorUrl field in config.json. Published: September 06, 2019; 5:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-14470 |
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter. Published: September 04, 2019; 4:15:10 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15814 |
Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML. Published: September 04, 2019; 10:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-15898 |
Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page. Published: September 03, 2019; 6:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15889 |
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter. Published: September 03, 2019; 2:15:12 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15870 |
The CarSpot theme before 2.1.7 for WordPress has stored XSS via the Phone Number field. Published: September 03, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-15869 |
The JobCareer theme before 2.5.1 for WordPress has stored XSS. Published: September 03, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-15864 |
The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS. Published: September 03, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15858 |
admin/includes/class.import.snippet.php in the "Woody ad snippets" plugin before 2.2.5 for WordPress allows unauthenticated options import, as demonstrated by storing an XSS payload for remote code execution. Published: September 03, 2019; 3:15:10 AM -0400 |
V4.0:(not available) V3.1: 8.8 HIGH V2.0: 6.8 MEDIUM |
CVE-2019-15842 |
The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. Published: August 30, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15838 |
The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. Published: August 30, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15837 |
The webp-express plugin before 0.14.8 for WordPress has stored XSS. Published: August 30, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-15836 |
The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. Published: August 30, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-15833 |
The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. Published: August 30, 2019; 10:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-15830 |
The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. Published: August 30, 2019; 10:15:10 AM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-15829 |
The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. Published: August 30, 2019; 10:15:10 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |