Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-16146 | 1 Getgophish | 1 Gophish | 2019-09-10 | 3.5 LOW | 4.8 MEDIUM |
Gophish through 0.8.0 allows XSS via a username. | |||||
CVE-2018-21014 | 1 Buddyboss | 1 Buddyboss Media | 2019-09-10 | 3.5 LOW | 5.4 MEDIUM |
The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. | |||||
CVE-2018-18373 | 1 Schiocco | 1 Support Board - Chat And Help Desk | 2019-09-09 | 3.5 LOW | 5.4 MEDIUM |
In the Schiocco "Support Board - Chat And Help Desk" plugin 1.2.3 for WordPress, a Stored XSS vulnerability has been discovered in file upload areas in the Chat and Help Desk sections via the msg parameter in a /wp-admin/admin-ajax.php sb_ajax_add_message action. | |||||
CVE-2019-6796 | 1 Gitlab | 1 Gitlab | 2019-09-09 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS (issue 2 of 2). The user status field contains a lack of input validation and output encoding that results in a persistent XSS. | |||||
CVE-2019-16126 | 1 Getgrav | 1 Grav Cms | 2019-09-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Grav through 1.6.15 allows (Stored) Cross-Site Scripting due to JavaScript execution in SVG images. | |||||
CVE-2019-16130 | 1 Hgw168cc | 1 Yii-cms | 2019-09-09 | 4.3 MEDIUM | 6.1 MEDIUM |
YII2-CMS v1.0 has XSS in protected\core\modules\home\models\Contact.php via a name field to /contact.html. | |||||
CVE-2019-16104 | 1 Silver-peak | 2 Unity Edgeconnect Sd-wan, Unity Edgeconnect Sd-wan Firmware | 2019-09-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Silver Peak EdgeConnect SD-WAN before 8.1.7.x has reflected XSS via the rest/json/configdb/download/ PATH_INFO. | |||||
CVE-2019-10677 | 1 Dasanzhone | 2 Znid Gpon 2426a Eu, Znid Gpon 2426a Eu Firmware | 2019-09-09 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross-Site Scripting (XSS) issues in the web interface on DASAN Zhone ZNID GPON 2426A EU version S3.1.285 devices allow a remote attacker to execute arbitrary JavaScript via manipulation of an unsanitized GET parameter: /zhndnsdisplay.cmd (name), /wlsecrefresh.wl (wlWscCfgMethod, wl_wsc_reg). | |||||
CVE-2018-17586 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2019-09-06 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_timeout_pages action. | |||||
CVE-2018-17583 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2019-09-06 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the rules[0][content] parameter in a wpfc_save_exclude_pages action. | |||||
CVE-2018-17585 | 1 Wpfastestcache | 1 Wp Fastest Cache | 2019-09-06 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Fastest Cache plugin 0.8.8.5 for WordPress has XSS via the wpfastestcacheoptions wpFastestCachePreload_number or wpFastestCacheLanguage parameter. | |||||
CVE-2019-1020010 | 1 Misskey | 1 Misskey | 2019-09-05 | 4.3 MEDIUM | 6.1 MEDIUM |
Misskey before 10.102.4 allows hijacking a user's token. | |||||
CVE-2019-14470 | 2 Instagram-php-api Project, Userproplugin | 2 Instagram-php-api, User Pro | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
cosenary Instagram-PHP-API (aka Instagram PHP API V2), as used in the UserPro plugin through 4.9.32 for WordPress, has XSS via the example/success.php error_description parameter. | |||||
CVE-2019-15814 | 1 Sentrifugo | 1 Sentrifugo | 2019-09-04 | 3.5 LOW | 5.4 MEDIUM |
Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML. | |||||
CVE-2018-20977 | 1 Brainstormforce | 1 Schema | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The all-in-one-schemaorg-rich-snippets plugin before 1.5.0 for WordPress has XSS on the settings page. | |||||
CVE-2019-15109 | 1 Tri | 1 The Events Calendar | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. | |||||
CVE-2016-10892 | 1 Kibokolabs | 1 Chained Quiz | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The chained-quiz plugin before 1.0 for WordPress has multiple XSS issues. | |||||
CVE-2019-15889 | 1 Wpdownloadmanager | 1 Wordpress Download Manager | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The download-manager plugin before 2.9.94 for WordPress has XSS via the category shortcode feature, as demonstrated by the orderby or search[publish_date] parameter. | |||||
CVE-2019-15898 | 1 Nagios | 1 Log Server | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page. | |||||
CVE-2015-9369 | 1 Ithemes | 1 Easy Us Sales Taxes | 2019-09-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Easy US Sales Taxes Add-on for iThemes Exchange before 1.1.0 for WordPress has XSS via add_query_arg() and remove_query_arg(). |