Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10864 | 1 Netgear | 2 Ex7000, Ex7000 Firmware | 2019-08-19 | 2.9 LOW | 5.2 MEDIUM |
| NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID. | |||||
| CVE-2019-14974 | 1 Sugarcrm | 1 Sugarcrm | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS. | |||||
| CVE-2018-1000416 | 1 Jobconfighistory Project | 1 Jobconfighistory | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting vulnerability exists in Jenkins Job Config History Plugin 2.18 and earlier in all Jelly files that shows arbitrary attacker-specified HTML in Jenkins to users with Job/Configure access. | |||||
| CVE-2016-10880 | 1 Google Doc Embedder Project | 1 Google Doc Embedder | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The google-document-embedder plugin before 2.6.1 for WordPress has XSS. | |||||
| CVE-2016-10881 | 1 Google Doc Embedder Project | 1 Google Doc Embedder | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The google-document-embedder plugin before 2.6.2 for WordPress has XSS. | |||||
| CVE-2019-0332 | 1 Sap | 1 Businessobjects Business Intelligence | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Info View), versions 4.1, 4.2, 4.3, allows an attacker to give some payload for keyword in the search and it will be executed while search performs its action, resulting in Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2018-10547 | 4 Canonical, Debian, Netapp and 1 more | 4 Ubuntu Linux, Debian Linux, Storage Automation Store and 1 more | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in ext/phar/phar_object.c in PHP before 5.6.36, 7.0.x before 7.0.30, 7.1.x before 7.1.17, and 7.2.x before 7.2.5. There is Reflected XSS on the PHAR 403 and 404 error pages via request data of a request for a .phar file. NOTE: this vulnerability exists because of an incomplete fix for CVE-2018-5712. | |||||
| CVE-2018-17082 | 3 Debian, Netapp, Php | 3 Debian Linux, Storage Automation Store, Php | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Apache2 component in PHP before 5.6.38, 7.0.x before 7.0.32, 7.1.x before 7.1.22, and 7.2.x before 7.2.10 allows XSS via the body of a "Transfer-Encoding: chunked" request, because the bucket brigade is mishandled in the php_handler function in sapi/apache2handler/sapi_apache2.c. | |||||
| CVE-2018-5712 | 3 Canonical, Debian, Php | 3 Ubuntu Linux, Debian Linux, Php | 2019-08-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in PHP before 5.6.33, 7.0.x before 7.0.27, 7.1.x before 7.1.13, and 7.2.x before 7.2.1. There is Reflected XSS on the PHAR 404 error page via the URI of a request for a .phar file. | |||||
| CVE-2018-9997 | 1 Open-xchange | 1 Open-xchange Appsuite | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in mail compose in Open-Xchange OX App Suite before 7.6.3-rev31, 7.8.x before 7.8.2-rev31, 7.8.3 before 7.8.3-rev41, and 7.8.4 before 7.8.4-rev28 allows remote attackers to inject arbitrary web script or HTML via the data-target attribute in an HTML page with data-toggle gadgets. | |||||
| CVE-2015-9306 | 1 Smackcoders | 1 Ultimate Csv Importer | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS. | |||||
| CVE-2015-9303 | 1 Simplesharebuttons | 1 Simple Share Buttons Adder | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS. | |||||
| CVE-2017-18506 | 1 Wpovernight | 1 Woocommerce Pdf Invoices\& Packing Slips | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The woocommerce-pdf-invoices-packing-slips plugin before 2.0.13 for WordPress has XSS via the tab or section variable on settings screens. | |||||
| CVE-2017-18500 | 1 Bestwebsoft | 1 Social Buttons Pack | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. | |||||
| CVE-2015-9314 | 1 Newstatpress Project | 1 Newstatpress | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header. | |||||
| CVE-2015-9312 | 1 Newstatpress Project | 1 Newstatpress | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element. | |||||
| CVE-2015-9311 | 1 Newstatpress Project | 1 Newstatpress | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The newstatpress plugin before 1.0.6 for WordPress has reflected XSS. | |||||
| CVE-2017-18502 | 1 Bestwebsoft | 1 Subscriber | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues. | |||||
| CVE-2017-18503 | 1 Wpdeveloper | 1 Twitter Cards Meta | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The twitter-cards-meta plugin before 2.5.0 for WordPress has XSS. | |||||
| CVE-2017-18501 | 1 Bestwebsoft | 1 Social Login | 2019-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| The social-login-bws plugin before 0.2 for WordPress has multiple XSS issues. | |||||