Search Results (Refine Search)
- Keyword (text search): xss
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2016-10967 |
The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter. Published: September 16, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-10964 |
The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header. Published: September 16, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-10963 |
The icegram plugin before 1.9.19 for WordPress has XSS. Published: September 16, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-10961 |
The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter. Published: September 16, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-10957 |
The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter. Published: September 16, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-16334 |
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636. Published: September 15, 2019; 6:15:10 PM -0400 |
V4.0:(not available) V3.1: 4.8 MEDIUM V2.0: 3.5 LOW |
CVE-2019-16332 |
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS. Published: September 15, 2019; 6:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-16321 |
ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO. Published: September 15, 2019; 12:15:13 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-16312 |
s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. Published: September 14, 2019; 12:15:10 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-16310 |
NIUSHOP V1.11 has XSS via the index.php?s=/admin URI. Published: September 14, 2019; 12:15:10 PM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-5314 |
Some web components in the ArubaOS software are vulnerable to HTTP Response splitting (CRLF injection) and Reflected XSS. An attacker would be able to accomplish this by sending certain URL parameters that would trigger this vulnerability. Published: September 13, 2019; 1:15:12 PM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2019-16289 |
The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter. Published: September 13, 2019; 11:15:11 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2019-13364 |
admin.php?page=account_billing in Piwigo 2.9.5 has XSS via the vat_number, billing_name, company, or billing_address parameter. This is exploitable via CSRF. Published: September 13, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2019-13363 |
admin.php?page=notification_by_mail in Piwigo 2.9.5 has XSS via the nbm_send_html_mail, nbm_send_mail_as, nbm_send_detailed_content, nbm_complementary_mail_content, nbm_send_recent_post_dates, or param_submit parameter. This is exploitable via CSRF. Published: September 13, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 9.6 CRITICAL V2.0: 6.8 MEDIUM |
CVE-2019-12517 |
An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The save_quiz_score functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress backend for all users with at least Subscriber rights. Because the plugin does not properly validate and sanitize this data, a malicious payload in either the name or email field is executed directly within the backend at /wp-admin/admin.php?page=slickquiz across all users with the privileges of at least Subscriber. Published: September 13, 2019; 9:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2016-10953 |
The Headway theme before 3.8.9 for WordPress has XSS via the license key field. Published: September 13, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 5.4 MEDIUM V2.0: 3.5 LOW |
CVE-2016-10952 |
The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter. Published: September 13, 2019; 9:15:10 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-18615 |
The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. Published: September 13, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-18613 |
The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter. Published: September 13, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |
CVE-2017-18612 |
The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter. Published: September 13, 2019; 8:15:11 AM -0400 |
V4.0:(not available) V3.1: 6.1 MEDIUM V2.0: 4.3 MEDIUM |