Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 21765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-13189 1 Eng 1 Knowage 2019-08-29 4.3 MEDIUM 6.1 MEDIUM
In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page.
CVE-2018-16254 1 Soflyy 1 Wp All Import 2019-08-29 4.3 MEDIUM 6.1 MEDIUM
** DISPUTED ** There is an XSS vulnerability in WP All Import plugin 3.4.9 for WordPress via action=options. NOTE: The vendor states that this is not a vulnerability. WP All Import is only able to be used by a logged in administrator, and the action described can only be taken advantage of by a logged in administrator.
CVE-2017-18591 1 Gdragon 1 Gd Rating System 2019-08-29 4.3 MEDIUM 6.1 MEDIUM
The gd-rating-system plugin before 2.1 for WordPress has XSS in log.php.
CVE-2018-18668 1 Gnuboard 1 Gnuboard5 2019-08-29 4.3 MEDIUM 6.1 MEDIUM
GNUBOARD5 before 5.3.2.0 has XSS that allows remote attackers to inject arbitrary web script or HTML via the "homepage title" parameter, aka the adm/config_form_update.php cf_title parameter.
CVE-2015-9354 1 Tri.be 1 Gigpress 2019-08-29 3.5 LOW 4.8 MEDIUM
The gigpress plugin before 2.3.11 for WordPress has XSS.
CVE-2017-18579 1 Dwbooster 1 Corner Ad 2019-08-29 4.3 MEDIUM 6.1 MEDIUM
The corner-ad plugin before 1.0.8 for WordPress has XSS.
CVE-2016-10934 1 Check Email Project 1 Check Email 2019-08-29 4.3 MEDIUM 6.1 MEDIUM
The check-email plugin before 0.5.2 for WordPress has XSS.
CVE-2012-6718 1 Sharebar Project 1 Sharebar 2019-08-28 4.3 MEDIUM 6.1 MEDIUM
The sharebar plugin before 1.2.2 for WordPress has XSS, a different issue than CVE-2013-3491.
CVE-2014-10395 1 Codepeople 1 Polls Cp 2019-08-28 4.3 MEDIUM 6.1 MEDIUM
The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list.
CVE-2015-9342 1 Impress 1 Wp Rollback 2019-08-28 4.3 MEDIUM 6.1 MEDIUM
The wp-rollback plugin before 1.2.3 for WordPress has XSS.
CVE-2015-9349 1 Cksource 1 Ckeditor 2019-08-28 4.3 MEDIUM 6.1 MEDIUM
The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser.
CVE-2015-9350 1 Slickremix 1 Feed Them Social 2019-08-28 4.3 MEDIUM 6.1 MEDIUM
The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button.
CVE-2016-10936 1 Wp-polls Project 1 Wp-polls 2019-08-28 4.3 MEDIUM 6.1 MEDIUM
The wp-polls plugin before 2.73.1 for WordPress has XSS via the Poll bar option.
CVE-2015-9347 1 Plot 1 Plotly 2019-08-28 4.3 MEDIUM 6.1 MEDIUM
The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors.
CVE-2015-9346 1 Codepeople 1 Polls Cp 2019-08-28 4.3 MEDIUM 6.1 MEDIUM
The cp-polls plugin before 1.0.5 for WordPress has XSS.
CVE-2019-15314 1 Tiki 1 Tikiwiki Cms\/groupware 2019-08-28 3.5 LOW 5.4 MEDIUM
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
CVE-2019-15501 1 Lsoft 1 Listserv 2019-08-28 4.3 MEDIUM 6.1 MEDIUM
Reflected cross site scripting (XSS) in L-Soft LISTSERV before 16.5-2018a exists via the /scripts/wa.exe OK parameter.
CVE-2019-13274 2 Debian, Xymon 2 Debian Linux, Xymon 2019-08-28 4.3 MEDIUM 6.1 MEDIUM
In Xymon through 4.3.28, an XSS vulnerability exists in the csvinfo CGI script due to insufficient filtering of the db parameter.
CVE-2017-18590 1 Bestwebsoft 1 Timesheet 2019-08-28 4.3 MEDIUM 6.1 MEDIUM
The timesheet plugin before 0.1.5 for WordPress has multiple XSS issues.
CVE-2019-15644 1 Zoho 1 Salesiq 2019-08-28 4.3 MEDIUM 6.1 MEDIUM
The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS.