Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-15086 | 1 Prise | 1 Adas | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in PRiSE adAS 1.7.0. The newentityID parameter is not properly escaped, leading to a reflected XSS in the error message. | |||||
CVE-2015-9407 | 1 Cyberseo | 1 Xpinner Lite | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
The xpinner-lite plugin through 2.2 for WordPress has xpinner-lite.php XSS. | |||||
CVE-2015-9393 | 1 Usersultra | 1 Users Ultra Membership | 2019-09-20 | 3.5 LOW | 5.4 MEDIUM |
The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_desc parameter. | |||||
CVE-2015-9392 | 1 Usersultra | 1 Users Ultra Membership | 2019-09-20 | 3.5 LOW | 5.4 MEDIUM |
The users-ultra plugin before 1.5.63 for WordPress has XSS via the p_name parameter. | |||||
CVE-2016-10999 | 1 Momizat | 1 Goodnews | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter. | |||||
CVE-2016-11013 | 1 Agentevolution | 1 Impress Listings | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. | |||||
CVE-2016-11012 | 1 Solaplugins | 1 Sola Support Tickets | 2019-09-20 | 3.5 LOW | 5.4 MEDIUM |
The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. | |||||
CVE-2015-9389 | 1 Mtouch Quiz Project | 1 Mtouch Quiz | 2019-09-20 | 3.5 LOW | 5.4 MEDIUM |
The mtouch-quiz plugin before 3.1.3 for WordPress has XSS via a quiz name. | |||||
CVE-2015-9384 | 1 Bestwebsoft | 1 Relevant | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
The relevant plugin before 1.0.8 for WordPress has XSS. | |||||
CVE-2016-11005 | 1 Elfsight | 1 Instalinker | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. | |||||
CVE-2016-11001 | 1 Plugin-planet | 1 User Submitted Posts | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. | |||||
CVE-2016-10998 | 1 Ocimscripts | 1 Ocim-mp3 | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS. | |||||
CVE-2019-16525 | 1 Checklist | 1 Checklist | 2019-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in the checklist plugin before 1.1.9 for WordPress. The fill parameter is not correctly filtered in the checklist-icon.php file, and it is possible to inject JavaScript code. | |||||
CVE-2018-18660 | 1 Arcserve | 1 Udp | 2019-09-19 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Arcserve Unified Data Protection (UDP) through 6.5 Update 4. There is a DDI-VRT-2018-21 Reflected Cross-site Scripting via /authenticationendpoint/domain.jsp issue. | |||||
CVE-2019-16333 | 1 Get-simple | 1 Getsimple Cms | 2019-09-19 | 3.5 LOW | 5.4 MEDIUM |
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php. | |||||
CVE-2016-10992 | 1 Codepeople | 1 Music Store | 2019-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter. | |||||
CVE-2019-16216 | 1 Zulip | 1 Zulip Server | 2019-09-18 | 3.5 LOW | 5.4 MEDIUM |
Zulip server before 2.0.5 incompletely validated the MIME types of uploaded files. A user who is logged into the server could upload files of certain types to mount a stored cross-site scripting attack on other logged-in users. On a Zulip server using the default local uploads backend, the attack is only effective against browsers lacking support for Content-Security-Policy such as Internet Explorer 11. On a Zulip server using the S3 uploads backend, the attack is confined to the origin of the configured S3 uploads hostname and cannot reach the Zulip server itself. | |||||
CVE-2016-10976 | 1 Kodebyraaet | 1 Safe Editor | 2019-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS. | |||||
CVE-2019-15848 | 1 Jetbrains | 1 Teamcity | 2019-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user. | |||||
CVE-2019-16321 | 1 Scadabr | 1 Scadabr | 2019-09-18 | 4.3 MEDIUM | 6.1 MEDIUM |
ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO. |