Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2017-18487 | 1 Google Adsense Project | 1 Google Adsense | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM | The adsense-plugin (aka Google AdSense) plugin before 1.44 for WordPress has multiple XSS issues. |
CVE-2016-10866 | 1 Tipsandtricks-hq | 1 All In One Wp Security & Firewall | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM | The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues. |
CVE-2017-18507 | 1 Wp-livechat | 1 Wp Live Chat Support | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM | The wp-live-chat-support plugin before 7.1.05 for WordPress has XSS. |
CVE-2018-20858 | 1 Edx | 1 Recommender | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM | Recommender before 2018-07-18 allows XSS. |
CVE-2018-20963 | 1 Codepeople | 1 Contact Form Email | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM | The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. |
CVE-2017-18498 | 1 Presstigers | 1 Simple Job Board | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM | The simple-job-board plugin before 2.4.4 for WordPress has reflected XSS via keyword search. |
CVE-2017-18488 | 1 Backup-guard | 1 Backup Guard | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM | The Backup Guard plugin before 1.1.47 for WordPress has multiple XSS issues. |
CVE-2017-18484 | 1 Elementalpath | 2 Cognitoys Dino, Cognitoys Dino Firmware | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM | Cognitoys Dino devices allow XSS via the SSID. |
CVE-2019-14769 | 1 Backdropcms | 1 Backdrop | 2019-08-15 | 4.3 MEDIUM | 6.1 MEDIUM | Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. (This issue is mitigated by the attacker needing permission to create custom blocks on the site, which is typically an administrative permission.) |
CVE-2019-14731 | 1 Cnezsoft | 1 Zentao | 2019-08-15 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in ZenTao 11.5.1. There is an XSS (stored) vulnerability that leads to the capture of other people's cookies via the Rich Text Box. |
CVE-2019-14785 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2019-08-15 | 3.5 LOW | 5.4 MEDIUM | The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. |
CVE-2019-14792 | 1 Codecabin | 1 Wp Google Maps | 2019-08-14 | 3.5 LOW | 5.4 MEDIUM | The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter. |
CVE-2019-14946 | 1 Ultimatemember | 1 Ultimate Member | 2019-08-14 | 3.5 LOW | 5.4 MEDIUM | The ultimate-member plugin before 2.0.52 for WordPress has XSS related to UM Roles create and edit operations. |
CVE-2019-14945 | 1 Ultimatemember | 1 Ultimate Member | 2019-08-14 | 3.5 LOW | 5.4 MEDIUM | The ultimate-member plugin before 2.0.54 for WordPress has XSS. |
CVE-2019-14947 | 1 Ultimatemember | 1 Ultimate Member | 2019-08-14 | 3.5 LOW | 5.4 MEDIUM | The ultimate-member plugin before 2.0.52 for WordPress has XSS during an account upgrade. |
CVE-2019-14791 | 1 Codepeople | 1 Appointment Booking Calendar | 2019-08-14 | 4.3 MEDIUM | 6.1 MEDIUM | The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. |
CVE-2017-18483 | 1 Annke | 2 Sp1, Sp1 Firmware | 2019-08-14 | 4.3 MEDIUM | 6.1 MEDIUM | ANNKE SP1 HD wireless camera 3.4.1.1604071109 devices allow XSS via a crafted SSID. |
CVE-2019-14748 | 1 Osticket | 1 Osticket | 2019-08-14 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. The Ticket creation form allows users to upload files along with queries. It was found that the file-upload functionality has fewer (or no) mitigations implemented for file content checks; also, the output is not handled properly, causing persistent XSS that leads to cookie stealing or malicious actions. For example, a non-agent user can upload a .html file, and Content-Disposition will be set to inline instead of attachment. |
CVE-2019-14750 | 1 Osticket | 1 Osticket | 2019-08-14 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the execution of those queries. This can further lead to cookie stealing or other malicious actions. |
CVE-2019-14805 | 1 Una | 1 Una | 2019-08-14 | 3.5 LOW | 4.8 MEDIUM | studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing. |