Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 21765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-10393 1 Cformsii Project 1 Cformsii 2019-08-23 4.3 MEDIUM 6.1 MEDIUM
The cforms2 plugin before 10.5 for WordPress has XSS.
CVE-2017-18578 1 Crafty Social Buttons Project 1 Crafty Social Buttons 2019-08-23 4.3 MEDIUM 6.1 MEDIUM
The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS.
CVE-2019-15328 1 Codection 1 Import Users From Csv With Meta 2019-08-23 4.3 MEDIUM 6.1 MEDIUM
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.
CVE-2019-15327 1 Codection 1 Import Users From Csv With Meta 2019-08-23 4.3 MEDIUM 6.1 MEDIUM
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.
CVE-2017-18534 1 Share On Diaspora Project 1 Share On Diaspora 2019-08-23 4.3 MEDIUM 6.1 MEDIUM
The share-on-diaspora plugin before 0.7.2 for WordPress has reflected XSS in share URL parameters.
CVE-2019-15127 1 Vanderbilt 1 Redcap 2019-08-23 3.5 LOW 5.4 MEDIUM
REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.
CVE-2018-13137 1 Wp-events-plugin 1 Events Manager 2019-08-23 3.5 LOW 4.8 MEDIUM
The Events Manager plugin 5.9.4 for WordPress has XSS via the dbem_event_reapproved_email_body parameter to the wp-admin/edit.php?post_type=event&page=events-manager-options URI.
CVE-2019-0334 1 Sap 1 Businessobjects Business Intelligence 2019-08-22 4.9 MEDIUM 5.4 MEDIUM
When creating a module in SAP BusinessObjects Business Intelligence Platform (BI Workspace), versions 4.1, 4.2, 4.3, it is possible to store a malicious script which when executed later could potentially allow a user to escalate privileges via session hijacking. The attacker could also access other sensitive information, leading to Stored Cross Site Scripting.
CVE-2019-13588 1 Wikindx Project 1 Wikindx 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability in getPagingStart() in core/lists/PAGING.php in WIKINDX before 5.8.2 allows remote attackers to inject arbitrary web script or HTML via the PagingStart parameter.
CVE-2015-9328 1 Cozmoslabs 1 Profile Builder 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The profile-builder plugin before 2.2.5 for WordPress has XSS.
CVE-2016-10910 1 Formbuilder Project 1 Formbuilder 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The formbuilder plugin before 1.06 for WordPress has multiple XSS issues.
CVE-2016-10911 1 Cozmoslabs 1 Profile Builder 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The profile-builder plugin before 2.4.2 for WordPress has multiple XSS issues.
CVE-2014-10380 1 Cozmoslabs 1 Profile Builder 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms.
CVE-2012-6715 1 Formbuilder Project 1 Formbuilder 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The formbuilder plugin before 0.9.1 for WordPress has XSS via a Referer header.
CVE-2016-10898 1 Fabrix 1 Total Security 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The total-security plugin before 3.4.1 for WordPress has XSS.
CVE-2012-6714 1 Count Per Day Project 1 Count Per Day 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The count-per-day plugin before 3.2.3 for WordPress has XSS via search words.
CVE-2016-10912 1 Matchboxdesigngroup 1 Universal Analytics 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The universal-analytics plugin before 1.3.1 for WordPress has XSS.
CVE-2016-10891 1 Activity Log Project 1 Activity Log 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The aryo-activity-log plugin before 2.3.3 for WordPress has XSS.
CVE-2016-10890 1 Activity Log Project 1 Activity Log 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The aryo-activity-log plugin before 2.3.2 for WordPress has XSS.
CVE-2017-18516 1 Bestwebsoft 1 Linkedin 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The bws-linkedin plugin before 1.0.5 for WordPress has multiple XSS issues.