Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-8368 | 1 Open-emr | 1 Openemr | 2019-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
OpenEMR v5.0.1-6 allows XSS. | |||||
CVE-2019-16334 | 1 Bludit | 1 Bludit | 2019-09-16 | 3.5 LOW | 4.8 MEDIUM |
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field. NOTE: this may overlap CVE-2017-16636. | |||||
CVE-2016-10963 | 1 Icegram | 1 Icegram | 2019-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
The icegram plugin before 1.9.19 for WordPress has XSS. | |||||
CVE-2019-5985 | 2 Ntt-east, Ntt-west | 92 Pr-400ki, Pr-400ki Firmware, Pr-400mi and 89 more | 2019-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Hikari Denwa router/Home GateWay (Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, RS-500KI firmware version Ver.01.00.0070 and earlier, PR-500MI/RT-500MI firmware version Ver.01.01.0014 and earlier, and RS-500MI firmware version Ver.03.01.0019 and earlier, and Hikari Denwa router/Home GateWay provided by NIPPON TELEGRAPH AND TELEPHONE WEST CORPORATION PR-S300NE/RT-S300NE/RV-S340NE firmware version Ver. 19.41 and earlier, PR-S300HI/RT-S300HI/RV-S340HI firmware version Ver.19.01.0005 and earlier, PR-S300SE/RT-S300SE/RV-S340SE firmware version Ver.19.40 and earlier, PR-400NE/RT-400NE/RV-440NE firmware version Ver.7.42 and earlier, PR-400KI/RT-400KI/RV-440KI firmware version Ver.07.00.1010 and earlier, PR-400MI/RT-400MI/RV-440MI firmware version Ver. 07.00.1012 and earlier, PR-500KI/RT-500KI firmware version Ver.01.00.0090 and earlier, and PR-500MI/RT-500MI firmware version Ver.01.01.0011 and earlier) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2019-6003 | 1 Ec-cube | 1 Amazon Pay | 2019-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in EC-CUBE plugin 'Amazon Pay Plugin 2.12,2.13' version 2.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2019-16312 | 1 S-cms | 1 S-cms | 2019-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
s-cms V3.0 has XSS in index.php?type=text via the S_id parameter. | |||||
CVE-2019-16310 | 1 Niushop | 1 Niushop | 2019-09-16 | 3.5 LOW | 5.4 MEDIUM |
NIUSHOP V1.11 has XSS via the index.php?s=/admin URI. | |||||
CVE-2019-16289 | 1 Webcraftic | 1 Woody Ad Snippets | 2019-09-16 | 3.5 LOW | 5.4 MEDIUM |
The insert-php (aka Woody ad snippets) plugin before 2.2.8 for WordPress allows authenticated XSS via the winp_item parameter. | |||||
CVE-2016-10952 | 1 Quotes Collection Project | 1 Quotes Collection | 2019-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
The quotes-collection plugin before 2.0.6 for WordPress has XSS via the wp-admin/admin.php?page=quotes-collection page parameter. | |||||
CVE-2018-17300 | 1 Cuppacms | 1 Cuppacms | 2019-09-16 | 3.5 LOW | 4.8 MEDIUM |
Stored XSS exists in CuppaCMS through 2018-09-03 via an administrator/#/component/table_manager/view/cu_menus section name. | |||||
CVE-2019-12517 | 1 Slickquiz Project | 1 Slickquiz | 2019-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in the slickquiz plugin through 1.3.7.1 for WordPress. The save_quiz_score functionality available via the /wp-admin/admin-ajax.php endpoint allows unauthenticated users to submit quiz solutions/answers, which are stored in the database and later shown in the WordPress backend for all users with at least Subscriber rights. Because the plugin does not properly validate and sanitize this data, a malicious payload in either the name or email field is executed directly within the backend at /wp-admin/admin.php?page=slickquiz across all users with the privileges of at least Subscriber. | |||||
CVE-2017-18615 | 1 Wp-kama | 1 Kama Click Counter | 2019-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
The kama-clic-counter plugin before 3.5.0 for WordPress has XSS. | |||||
CVE-2017-18613 | 1 Trust Form Project | 1 Trust Form | 2019-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
The trust-form plugin 2.0 for WordPress has XSS via the wp-admin/admin.php?page=trust-form-edit page parameter. | |||||
CVE-2017-18612 | 1 Netattingo | 1 Wp-whois-domain | 2019-09-16 | 4.3 MEDIUM | 6.1 MEDIUM |
The wp-whois-domain plugin 1.0.0 for WordPress has XSS via the pages/func-whois.php domain parameter. | |||||
CVE-2016-10941 | 1 Podlove | 1 Podlove Podcast Publisher | 2019-09-13 | 4.3 MEDIUM | 6.1 MEDIUM |
The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF. | |||||
CVE-2019-16238 | 1 Afterlogic | 1 Aurora | 2019-09-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Afterlogic Aurora through 8.3.9-build-a3 has XSS that can be leveraged for session hijacking by retrieving the session cookie from the administrator login. | |||||
CVE-2017-0912 | 1 Ui | 1 Ucrm | 2019-09-13 | 3.5 LOW | 5.4 MEDIUM |
Ubiquiti UCRM versions 2.5.0 to 2.7.7 are vulnerable to Stored Cross-site Scripting. Due to the lack of sanitization, it is possible to inject arbitrary HTML code by manipulating the uploaded filename. Successful exploitation requires valid credentials to an account with "Edit" access to "Scheduling". | |||||
CVE-2019-1305 | 1 Microsoft | 2 Azure Devops Server, Team Foundation Server | 2019-09-13 | 3.5 LOW | 5.4 MEDIUM |
A Cross-site Scripting (XSS) vulnerability exists when Team Foundation Server does not properly sanitize user provided input, aka 'Team Foundation Server Cross-site Scripting Vulnerability'. | |||||
CVE-2019-16193 | 1 Esri | 1 Arcgis Enterprise | 2019-09-12 | 3.5 LOW | 5.4 MEDIUM |
In ArcGIS Enterprise 10.6.1, a crafted IFRAME element can be used to trigger a Cross Frame Scripting (XFS) attack through the EDIT MY PROFILE feature. | |||||
CVE-2017-18603 | 1 Postman-smtp Project | 1 Postman-smtp | 2019-09-12 | 4.3 MEDIUM | 6.1 MEDIUM |
The postman-smtp plugin through 2017-10-04 for WordPress has XSS via the wp-admin/tools.php?page=postman_email_log page parameter. |