Vulnerabilities (CVE)

CWE filter

CWE-79

Filter

12003 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-17092 1 Openproject 1 Openproject 2019-10-14 4.3
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled.
CVE-2016-10873 1 Wpseeds 1 Wp Database Backup 2019-10-12 4.3
The wp-database-backup plugin before 4.3.3 for WordPress has XSS.
CVE-2019-1070 1 Microsoft 1 Sharepoint Enterprise Server 2019-10-11 3.5
A cross-site-scripting (XSS) vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft Office SharePoint XSS Vulnerability'.
CVE-2019-12707 1 Cisco 3 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unity Connection 2019-10-11 4.3
A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected...
CVE-2019-17070 1 Lqd 1 Liquid Speech Balloon 2019-10-11 4.3
The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin 1.0.5 for WordPress allows XSS with Internet Explorer.
CVE-2019-17417 1 Pbootcms 1 Pbootcms 2019-10-11 3.5
PbootCMS 2.0.2 allows XSS via vectors involving the Pboot/admin.php?p=/Single/index/mcode/1 and Pboot/?contact/ URIs.
CVE-2019-1328 1 Microsoft 2 Sharepoint Enterprise Server, Sharepoint Foundation 2019-10-11 3.5
A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'.
CVE-2019-1329 1 Microsoft 2 Sharepoint Enterprise Server, Sharepoint Foundation 2019-10-11 3.5
An elevation of privilege vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Elevation of Privilege Vulnerability'. This CVE...
CVE-2015-9459 1 Seo Searchterms Tagging 2 Project 1 Seo Searchterms Tagging 2 2019-10-11 4.3
The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter.
CVE-2015-9468 1 K-78 1 Broken Link Manager 2019-10-11 4.3
The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action.
CVE-2019-17491 1 Jnoj 1 Jiangnan Online Judge 2019-10-11 4.3
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[description] parameter to web/admin/problem/create or web/polygon/problem/update.
CVE-2019-17489 1 Jnoj 1 Jiangnan Online Judge 2019-10-11 4.3
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[title] parameter to web/polygon/problem/create or web/polygon/problem/update or web/admin/problem/create.
CVE-2019-17493 1 Jnoj 1 Jiangnan Online Judge 2019-10-11 4.3
Jiangnan Online Judge (aka jnoj) 0.8.0 has XSS via the Problem[sample_input] parameter to web/admin/problem/create or web/polygon/problem/update.
CVE-2019-17239 1 Wpfactory 1 Download Plugins And Themes From Dashboard 2019-10-11 4.3
includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues.
CVE-2015-9453 1 K-78 1 Broken Link Manager 2019-10-10 4.3
The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist.
CVE-2019-17071 1 Realbigplugins 1 Client Dash 2019-10-10 4.3
The client-dash (aka Client Dash) plugin 2.1.4 for WordPress allows XSS.
CVE-2019-17430 1 Eyoucms 1 Eyoucms 2019-10-10 4.3
EyouCms through 2019-07-11 has XSS related to the login.php web_recordnum parameter.
CVE-2019-0369 1 Sap 1 Financial Consolidation 2019-10-10 3.5
SAP Financial Consolidation, before versions 10.0 and 10.1, does not sufficiently encode user-controlled inputs, which allows an attacker to execute scripts by uploading files containing malicious scripts, leading to reflected cross site...
CVE-2019-17433 1 Laravel-admin 1 Laravel-admin 2019-10-10 3.5
z-song laravel-admin 1.7.3 has XSS via the Slug or Name on the Roles screen, because of mishandling on the "Operation log" screen.
CVE-2019-11651 1 Microfocus 2 Enterprise Developer, Enterprise Server 2019-10-10 4.3
Reflected XSS on Micro Focus Enterprise Developer and Enterprise Server, all versions prior to version 3.0 Patch Update 20, version 4.0 Patch Update 12, and version 5.0 Patch Update 2. The vulnerability could be exploited to redirect a user to a...