Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2019-4139 | 1 Ibm | 1 Cognos Analytics | 2019-09-30 | 3.5 LOW | 5.4 MEDIUM | IBM Cognos Analytics 11.0, 11.1.0, and 11.1.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, altering the intended functionality and potentially leading to credential disclosure within a trusted session. IBM X-Force ID: 158335. |
CVE-2012-6624 | 1 Mightymess | 1 Soundcloud Is Gold | 2019-09-30 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in the SoundCloud Is Gold plugin 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the width parameter in a soundcloud_is_gold_player_preview action to wp-admin/admin-ajax.php. |
CVE-2019-16923 | 1 Kkcms Project | 1 Kkcms | 2019-09-27 | 4.3 MEDIUM | 6.1 MEDIUM | kkcms 1.3 has XSS via the url parameter of jx.php (jx.php?url=). |
CVE-2019-16914 | 1 Netgate | 1 Pfsense | 2019-09-27 | 4.3 MEDIUM | 6.1 MEDIUM | An XSS issue was discovered in pfSense through 2.4.4-p3. In services_captiveportal_mac.php, the username and delmac parameters are displayed without sanitization. |
CVE-2017-5942 | 1 Wp Mail Project | 1 Wp Mail | 2019-09-27 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows reflected XSS, executing JavaScript in the context of the user receiving the mail. |
CVE-2019-7551 | 1 Cantemo | 1 Portal | 2019-09-27 | 6.0 MEDIUM | 9.0 CRITICAL | Cantemo Portal before 3.2.13, 3.3.x before 3.3.8, and 3.4.x before 3.4.9 has XSS. Leveraging this vulnerability enables performing actions as other users, including administrative users, which could allow account creation and deletion as well as deletion of information contained within the app. |
CVE-2019-16904 | 1 Teampass | 1 Teampass | 2019-09-27 | 3.5 LOW | 5.4 MEDIUM | TeamPass 2.1.27.36 allows stored XSS by setting a crafted password for an item in a commonly available folder or sharing the item with an admin. (The crafted password is triggered when viewing the change history of the item or tapping on the item.) |
CVE-2019-7608 | 1 Elastic | 1 Kibana | 2019-09-26 | 4.3 MEDIUM | 6.1 MEDIUM | Kibana versions before 5.6.15 and 6.6.1 had a cross-site scripting (XSS) vulnerability that could allow an attacker to obtain sensitive information from, or perform destructive actions on behalf of, other Kibana users. |
CVE-2015-9444 | 1 Altosresearch | 1 Altos-connect | 2019-09-26 | 4.3 MEDIUM | 6.1 MEDIUM | The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF value. |
CVE-2015-9416 | 1 Onthegosystems | 1 Sitepress-multilingual-cms | 2019-09-26 | 4.3 MEDIUM | 6.1 MEDIUM | The sitepress-multilingual-cms (WPML) plugin 2.9.3 to 3.2.6 for WordPress has XSS via the Accept-Language HTTP header. |
CVE-2019-11464 | 1 Couchbase | 1 Couchbase Server | 2019-09-26 | 4.3 MEDIUM | 6.1 MEDIUM | Some enterprises require that REST API endpoints include security-related headers in REST responses. Headers such as X-Frame-Options and X-Content-Type-Options are generally advisable; some information security professionals additionally look for X-Permitted-Cross-Domain-Policies and X-XSS-Protection, which are more generally applicable to HTML endpoints, to be included too. These headers were not included in Couchbase Server 5.5.0 and 5.1.2. They are now included in version 6.0.2 in responses from the Couchbase Server Views REST API (port 8092). |
CVE-2018-17218 | 1 Ptc | 1 Thingworx Platform | 2019-09-26 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in PTC ThingWorx Platform 6.5 through 8.2. There is reflected XSS in the SQUEAL search function. |
CVE-2019-14272 | 1 Silverstripe | 1 Silverstripe | 2019-09-26 | 3.5 LOW | 5.4 MEDIUM | In SilverStripe asset-admin 4.0, there is XSS in file titles managed through the CMS. |
CVE-2015-9423 | 1 Simplysymphony | 1 Plugnedit | 2019-09-26 | 3.5 LOW | 5.4 MEDIUM | The PlugNedit Adaptive Editor plugin before 6.2.0 for WordPress has XSS via the PlugneditBGColor, PlugneditEditorMargin, plugnedit_width, pnemedcount, or plugneditcontent parameter of wp-admin/admin-ajax.php?action=simple_fields_field_type_post_dialog_load. |
CVE-2017-16792 | 1 Geminabox Project | 1 Geminabox | 2019-09-26 | 4.3 MEDIUM | 6.1 MEDIUM | Stored cross-site scripting (XSS) vulnerability in "geminabox" (Gem in a Box) before 0.13.10 allows attackers to inject arbitrary web script via the "homepage" value of a ".gemspec" file, related to views/gem.erb and views/index.erb. |
CVE-2015-9426 | 1 Manual Image Crop Project | 1 Manual Image Crop | 2019-09-26 | 3.5 LOW | 4.6 MEDIUM | The manual-image-crop plugin before 1.11 for WordPress has CSRF with resultant XSS via the postId parameter of wp-admin/admin-ajax.php?action=mic_editor_window. |
CVE-2015-9439 | 1 Addthis | 1 Addthis | 2019-09-26 | 3.5 LOW | 4.8 MEDIUM | The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the pubid parameter of wp-admin/options-general.php?page=addthis_social_widget. |
CVE-2015-9436 | 1 Qurl | 1 Dynamic Widgets | 2019-09-26 | 3.5 LOW | 5.4 MEDIUM | The dynamic-widgets plugin before 1.5.11 for WordPress has XSS via the prefix or widget_id parameter of wp-admin/admin-ajax.php?action=term_tree. |
CVE-2015-9438 | 1 Display-widgets Project | 1 Display-widgets | 2019-09-26 | 3.5 LOW | 5.4 MEDIUM | The display-widgets plugin before 2.04 for WordPress has XSS via the id_base, widget_number, or instance parameter of wp-admin/admin-ajax.php?action=dw_show_widget. |
CVE-2015-9430 | 1 Crazy Bone Project | 1 Crazy Bone | 2019-09-26 | 4.3 MEDIUM | 6.1 MEDIUM | The crazy-bone plugin before 0.6.0 for WordPress has XSS via the User-Agent HTTP header. |
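Two patterns in the listing above are easy to miss with parameter-only scanning: responses that lack the security headers named in the Couchbase entry (CVE-2019-11464), and XSS through request headers such as Accept-Language (CVE-2015-9416, WPML) and User-Agent (CVE-2015-9430, crazy-bone). The audit below is an added example written for this page, not code from any of the listed vendors or advisories: it parses a captured HTTP response, reports which of the four named headers are absent, and checks whether canary strings a tester placed in request headers came back into the HTML unescaped. The canary payloads, the `audit` helper and both sample responses are constructed for illustration.

```python
"""Audit a captured HTTP response for missing security response headers and
for unescaped reflection of canaries sent in request headers."""
import html
from typing import Dict, List, Tuple

# Response headers named in the Couchbase entry (CVE-2019-11464).
EXPECTED_HEADERS = (
    "X-Frame-Options",
    "X-Content-Type-Options",
    "X-Permitted-Cross-Domain-Policies",
    "X-XSS-Protection",
)

# Hypothetical canaries a tester would send in headers that applications
# commonly copy into pages. Each contains characters that must be escaped
# before landing in HTML, so a verbatim copy in the body proves the header
# value reached the page without sanitisation.
CANARIES = {
    "User-Agent": 'ua7f3"><script>alert(1)</script>',
    "Accept-Language": "en'><img src=x onerror=alert(2)>",
}


def parse_response(raw: bytes) -> Tuple[str, Dict[str, str], str]:
    """Split a raw HTTP/1.1 response into status line, lower-cased header
    map and decoded body (folded/duplicate headers are not handled)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body.decode("utf-8", "replace")


def missing_security_headers(headers: Dict[str, str]) -> List[str]:
    """Names from EXPECTED_HEADERS that the response did not send."""
    return [h for h in EXPECTED_HEADERS if h.lower() not in headers]


def reflected_unescaped(body: str, canaries: Dict[str, str]) -> List[str]:
    """Request header names whose canary appears verbatim in the body.
    A canary that html.escape() would leave unchanged has nothing to
    escape, so only canaries that should have been transformed count."""
    return [
        hdr for hdr, c in canaries.items()
        if html.escape(c, quote=True) != c and c in body
    ]


def audit(raw: bytes, canaries: Dict[str, str] = CANARIES) -> Dict[str, object]:
    """Combine both checks into one report for a captured response."""
    status, headers, body = parse_response(raw)
    return {
        "status": status,
        "missing_headers": missing_security_headers(headers),
        "reflected_headers": reflected_unescaped(body, canaries),
    }


# Constructed sample responses (not captured from any real product).
# VULNERABLE copies both request headers into the page unescaped and
# sends none of the expected security headers.
VULNERABLE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"\r\n"
    b"<p>Browser: ua7f3\"><script>alert(1)</script></p>\n"
    b"<p>Lang: en'><img src=x onerror=alert(2)></p>\n"
)

# HARDENED escapes the same values (as html.escape would) and sends the
# four headers.
HARDENED = (
    b"HTTP/1.1 200 OK\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"X-Frame-Options: DENY\r\n"
    b"X-Content-Type-Options: nosniff\r\n"
    b"X-Permitted-Cross-Domain-Policies: none\r\n"
    b"X-XSS-Protection: 1; mode=block\r\n"
    b"\r\n"
    b"<p>Browser: ua7f3&quot;&gt;&lt;script&gt;alert(1)&lt;/script&gt;</p>\n"
    b"<p>Lang: en&#x27;&gt;&lt;img src=x onerror=alert(2)&gt;</p>\n"
)

if __name__ == "__main__":
    for name, raw in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, audit(raw))
```

The reflection check deliberately looks for the raw canary rather than for an escaped form: an application may encode differently from `html.escape`, and any verbatim copy of a quote or angle bracket is the finding regardless of how a correct implementation would have encoded it. Absence of the canary does not prove safety (it may be reflected in a later page, as with the stored cases above), so treat a clean result as one response checked, not a clean application.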