) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Keyword (text search): xss
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2019-14518 |
Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel. Published: August 15, 2019; 12:15:12 PM -0400 |
V4.0:(not available) V3.0: 5.4 MEDIUM V2.0: 3.5 LOW |
| CVE-2019-15081 |
OpenCart 3.x, when the attacker has login access to the admin panel, allows stored XSS within the Source/HTML editing feature of the Categories, Product, and Information pages. Published: August 15, 2019; 11:15:15 AM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2019-14795 |
The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter. Published: August 15, 2019; 11:15:14 AM -0400 |
V4.0:(not available) V3.0: 4.8 MEDIUM V2.0: 3.5 LOW |
| CVE-2019-14790 |
The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter, Published: August 15, 2019; 11:15:14 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-14427 |
XSS exists in WEB STUDIO Ultimate Loan Manager 2.0 by adding a branch under the Branches button that sets the notes parameter with crafted JavaScript code. Published: August 14, 2019; 6:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-19386 |
SolarWinds Database Performance Analyzer 11.1.457 contains an instance of Reflected XSS in its idcStateError component, where the page parameter is reflected into the HREF of the 'Try Again' Button on the page, aka a /iwc/idcStateError.iwc?page= URI. Published: August 14, 2019; 4:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2019-15053 |
The "HTML Include and replace macro" plugin before 1.5.0 for Confluence Server allows a bypass of the includeScripts=false XSS protection mechanism via vectors involving an IFRAME element. Published: August 14, 2019; 1:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.8 MEDIUM V2.0: 6.0 MEDIUM |
| CVE-2019-14974 |
SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS. Published: August 14, 2019; 12:15:12 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10881 |
The google-document-embedder plugin before 2.6.2 for WordPress has XSS. Published: August 14, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10880 |
The google-document-embedder plugin before 2.6.1 for WordPress has XSS. Published: August 14, 2019; 12:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9314 |
The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header. Published: August 14, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9312 |
The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element. Published: August 14, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2015-9311 |
The newstatpress plugin before 1.0.6 for WordPress has reflected XSS. Published: August 14, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2017-18488 |
The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues. Published: August 13, 2019; 2:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2017-18487 |
The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues. Published: August 13, 2019; 2:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10867 |
The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages. Published: August 13, 2019; 2:15:11 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2016-10866 |
The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues. Published: August 13, 2019; 2:15:11 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2018-20963 |
The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. Published: August 13, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2017-18507 |
The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS. Published: August 13, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
| CVE-2017-18498 |
The simple-job-board plugin before 2.4.4 for WordPress has reflected XSS via keyword search. Published: August 13, 2019; 1:15:13 PM -0400 |
V4.0:(not available) V3.0: 6.1 MEDIUM V2.0: 4.3 MEDIUM |