Vulnerabilities (CVE)

CWE filter

CWE-79

Filter

11521 total CVE
CVE Vendors Products Updated CVSS
CVE-2017-18508 1 Wp-livechat 1 Wp Live Chat Support 2019-08-25 4.3
The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS.
CVE-2017-1000227 1 Parallelus 1 Salutation 2019-08-24 3.5
Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can
CVE-2019-1010247 2019-08-23 4.3
ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File:...
CVE-2019-11522 1 Open-xchange 1 Open-xchange Appsuite 2019-08-23 3.5
OX App Suite 7.10.0 to 7.10.2 allows XSS.
CVE-2019-15109 2019-08-23 4.3
The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter.
CVE-2017-18577 1 Ibericode 1 Mailchimp 2019-08-23 4.3
The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg.
CVE-2017-18576 2019-08-23 4.3
The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation.
CVE-2017-18581 2019-08-23 4.3
The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list.
CVE-2008-7321 2019-08-23 4.3
The tubepress plugin before 1.6.5 for WordPress has XSS.
CVE-2017-18564 1 Bestwebsoft 1 Sender 2019-08-23 4.3
The sender plugin before 1.2.1 for WordPress has multiple XSS issues.
CVE-2017-18563 1 Swimordiesoftware 1 Rsvp 2019-08-23 4.3
The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen.
CVE-2015-9327 2019-08-23 4.3
The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS.
CVE-2019-4482 1 Ibm 1 Emptoris Spend Analysis 2019-08-23 3.5
IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials...
CVE-2019-4120 1 Ibm 1 Cloud Private 2019-08-23 3.5
IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure...
CVE-2014-10392 2019-08-23 4.3
The cforms2 plugin before 10.2 for WordPress has XSS.
CVE-2014-10393 2019-08-23 4.3
The cforms2 plugin before 10.5 for WordPress has XSS.
CVE-2017-18578 1 Crafty Social Buttons Project 1 Crafty Social Buttons 2019-08-23 4.3
The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS.
CVE-2018-20986 2019-08-23 3.5
The advanced-custom-fields plugin before 5.7.8 for WordPress has XSS by authors.
CVE-2019-15328 1 Codection 1 Import Users From Csv With Meta 2019-08-23 4.3
The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS.
CVE-2019-15327 1 Codection 1 Import Users From Csv With Meta 2019-08-23 4.3
The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data.