Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 21765 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2016-10895 1 Optiontree Project 1 Optiontree 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request.
CVE-2017-18518 1 Bestwebsoft 1 Smtp 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues.
CVE-2017-18568 1 Mythemeshop 1 My Wp Translate 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The my-wp-translate plugin before 1.0.4 for WordPress has XSS.
CVE-2017-18517 1 Bestwebsoft 1 Pinterest 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues.
CVE-2019-3963 1 Open-emr 1 Openemr 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the patient_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVE-2017-18567 1 Soflyy 1 Wp All Import 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The wp-all-import plugin before 3.4.6 for WordPress has XSS.
CVE-2015-9329 1 Soflyy 1 Wp All Import 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS.
CVE-2019-3964 1 Open-emr 1 Openemr 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
In OpenEMR 5.0.1 and earlier, controller.php contains a reflected XSS vulnerability in the doc_id parameter. This could allow an attacker to execute arbitrary code in the context of a user's session.
CVE-2016-10913 1 Joomunited 1 Wp Latest Posts 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The wp-latest-posts plugin before 3.7.5 for WordPress has XSS.
CVE-2016-10893 1 Crayon Syntax Highlighter Project 1 Crayon Syntax Highlighter 2019-08-22 4.3 MEDIUM 6.1 MEDIUM
The crayon-syntax-highlighter plugin before 2.8.4 for WordPress has multiple XSS issues via AJAX requests.
CVE-2017-18566 1 Bestwebsoft 1 User Role 2019-08-21 4.3 MEDIUM 6.1 MEDIUM
The user-role plugin before 1.5.6 for WordPress has multiple XSS issues.
CVE-2017-18532 1 Bestwebsoft 1 Realty 2019-08-21 4.3 MEDIUM 6.1 MEDIUM
The realty plugin before 1.1.0 for WordPress has multiple XSS issues.
CVE-2017-18533 1 Rimons Twitter Widget Project 1 Rimons Twitter Widget 2019-08-21 4.3 MEDIUM 6.1 MEDIUM
The rimons-twitter-widget plugin before 1.3 for WordPress has XSS.
CVE-2018-20978 1 Soflyy 1 Wp All Import 2019-08-21 4.3 MEDIUM 6.1 MEDIUM
The wp-all-import plugin before 3.4.7 for WordPress has XSS.
CVE-2019-14790 1 Limbcode 1 Limb-gallery 2019-08-21 4.3 MEDIUM 6.1 MEDIUM
The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter,
CVE-2019-14795 1 Toggle-the-title Project 1 Toggle-the-title 2019-08-21 3.5 LOW 4.8 MEDIUM
The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter.
CVE-2019-14518 1 Modx 1 Evolution Cms 2019-08-21 3.5 LOW 5.4 MEDIUM
** DISPUTED ** Evolution CMS 2.0.x allows XSS via a description and new category location in a template. NOTE: the vendor states that the behavior is consistent with the "access policy in the administration panel."
CVE-2015-9317 1 Getawesomesupport 1 Awesome Support 2019-08-21 4.3 MEDIUM 6.1 MEDIUM
The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages.
CVE-2019-15082 1 Yofla 1 360 Product Rotation 2019-08-21 4.3 MEDIUM 6.1 MEDIUM
The 360-product-rotation plugin before 1.4.8 for WordPress has reflected XSS.
CVE-2016-10901 1 Gowebsolutions 1 Wp Customer Reviews 2019-08-21 4.3 MEDIUM 6.1 MEDIUM
The wp-customer-reviews plugin before 3.0.9 for WordPress has XSS in the admin tools.