Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9247 | 1 Skyboxsecurity | 1 Skybox Platform | 2018-01-24 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Skybox Platform before 7.5.401. Reflected cross-site scripting vulnerabilities exist in /skyboxview/webservice/services/VersionRepositoryWebService via a soapenv:Body element, or in the status parameter to login.html. | |||||
| CVE-2016-10705 | 1 Automattic | 1 Jetpack | 2018-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module. | |||||
| CVE-2016-10706 | 1 Automattic | 1 Jetpack | 2018-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link. | |||||
| CVE-2018-5655 | 1 Weblizar | 1 Pinterest-feeds | 2018-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php security parameter. | |||||
| CVE-2018-5654 | 1 Weblizar | 1 Pinterest-feeds | 2018-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php PFFREE_Access_Token parameter. | |||||
| CVE-2018-5653 | 1 Weblizar | 1 Pinterest-feeds | 2018-01-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the weblizar-pinterest-feeds plugin 1.1.1 for WordPress. XSS exists via the wp-admin/admin-ajax.php weblizar_pffree_settings_save_get-users parameter. | |||||
| CVE-2018-5652 | 1 Dark Mode Project | 1 Dark Mode | 2018-01-24 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_end parameter. | |||||
| CVE-2018-5651 | 1 Dark Mode Project | 1 Dark Mode | 2018-01-24 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the dark-mode plugin 1.6 for WordPress. XSS exists via the wp-admin/profile.php dark_mode_start parameter. | |||||
| CVE-2017-15374 | 1 Shopware | 1 Shopware | 2018-01-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Shopware v5.2.5 - v5.3 is vulnerable to cross site scripting in the customer and order section of the content management system backend modules. Remote attackers are able to inject malicious script code into the firstname, lastname, or order input fields to provoke persistent execution in the customer and orders section of the backend. The execution occurs in the administrator backend listing when processing a preview of the customers (kunden) or orders (bestellungen). The injection can be performed interactively via user registration or by manipulation of the order information inputs. The issue can be exploited by low privileged user accounts against higher privileged (admin or moderator) accounts. | |||||
| CVE-2018-5364 | 1 Wpglobus | 1 Wpglobus | 2018-01-23 | 3.5 LOW | 4.8 MEDIUM |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[browser_redirect][redirect_by_language] parameter to wp-admin/options.php. | |||||
| CVE-2018-5366 | 1 Wpglobus | 1 Wpglobus | 2018-01-23 | 3.5 LOW | 4.8 MEDIUM |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[more_languages] parameter to wp-admin/options.php. | |||||
| CVE-2018-5365 | 1 Wpglobus | 1 Wpglobus | 2018-01-23 | 3.5 LOW | 4.8 MEDIUM |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[selector_wp_list_pages][show_selector] parameter to wp-admin/options.php. | |||||
| CVE-2018-5362 | 1 Wpglobus | 1 Wpglobus | 2018-01-23 | 3.5 LOW | 4.8 MEDIUM |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][page] parameter to wp-admin/options.php. | |||||
| CVE-2018-5363 | 1 Wpglobus | 1 Wpglobus | 2018-01-23 | 3.5 LOW | 4.8 MEDIUM |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[enabled_languages][en] or wpglobus_option[enabled_languages][fr] (or any other language) parameter to wp-admin/options.php. | |||||
| CVE-2018-5367 | 1 Wpglobus | 1 Wpglobus | 2018-01-23 | 3.5 LOW | 4.8 MEDIUM |
| The WPGlobus plugin 1.9.6 for WordPress has XSS via the wpglobus_option[post_type][post] parameter to wp-admin/options.php. | |||||
| CVE-2018-5668 | 1 Read And Understood Project | 1 Read And Understood | 2018-01-23 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_title parameter. | |||||
| CVE-2018-5667 | 1 Read And Understood Project | 1 Read And Understood | 2018-01-23 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the read-and-understood plugin 2.1 for WordPress. XSS exists via the wp-admin/options-general.php rnu_username_validation_pattern parameter. | |||||
| CVE-2018-5288 | 1 Gd Rating System Project | 1 Gd Rating System | 2018-01-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-transfer page. | |||||
| CVE-2018-5286 | 1 Gd Rating System Project | 1 Gd Rating System | 2018-01-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-about page. | |||||
| CVE-2018-5293 | 1 Gd Rating System Project | 1 Gd Rating System | 2018-01-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The GD Rating System plugin 2.3 for WordPress has XSS via the wp-admin/admin.php panel parameter for the gd-rating-system-tools page. | |||||