| CVE |
Vendors |
Products |
Updated |
CVSS |
| CVE-2017-18508 |
1 Wp-livechat |
1 Wp Live Chat Support |
2019-08-25 |
4.3 |
| The wp-live-chat-support plugin before 7.1.03 for WordPress has XSS. |
| CVE-2017-1000227 |
1 Parallelus |
1 Salutation |
2019-08-24 |
3.5 |
| Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can |
| CVE-2019-1010247 |
|
|
2019-08-23 |
4.3 |
| ZmartZone IAM mod_auth_openidc 2.3.10.1 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Redirecting the user to a phishing page or interacting with the application on behalf of the user. The component is: File:... |
| CVE-2019-11522 |
1 Open-xchange |
1 Open-xchange Appsuite |
2019-08-23 |
3.5 |
| OX App Suite 7.10.0 to 7.10.2 allows XSS. |
| CVE-2019-15109 |
|
|
2019-08-23 |
4.3 |
| The the-events-calendar plugin before 4.8.2 for WordPress has XSS via the tribe_paged URL parameter. |
| CVE-2017-18577 |
1 Ibericode |
1 Mailchimp |
2019-08-23 |
4.3 |
| The mailchimp-for-wp plugin before 4.1.8 for WordPress has XSS via the return value of add_query_arg. |
| CVE-2017-18576 |
|
|
2019-08-23 |
4.3 |
| The event-notifier plugin before 1.2.1 for WordPress has XSS via the loading animation. |
| CVE-2017-18581 |
|
|
2019-08-23 |
4.3 |
| The time-sheets plugin before 1.5.0 for WordPress has XSS via the old timesheet list. |
| CVE-2008-7321 |
|
|
2019-08-23 |
4.3 |
| The tubepress plugin before 1.6.5 for WordPress has XSS. |
| CVE-2017-18564 |
1 Bestwebsoft |
1 Sender |
2019-08-23 |
4.3 |
| The sender plugin before 1.2.1 for WordPress has multiple XSS issues. |
| CVE-2017-18563 |
1 Swimordiesoftware |
1 Rsvp |
2019-08-23 |
4.3 |
| The rsvp plugin before 2.3.8 for WordPress has persistent XSS via the note field on the attendee-list screen. |
| CVE-2015-9327 |
|
|
2019-08-23 |
4.3 |
| The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS. |
| CVE-2019-4482 |
1 Ibm |
1 Emptoris Spend Analysis |
2019-08-23 |
3.5 |
| IBM Emptoris Spend Analysis 10.1.0 through 10.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials... |
| CVE-2019-4120 |
1 Ibm |
1 Cloud Private |
2019-08-23 |
3.5 |
| IBM Cloud Private 3.1.1 and 3.1.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure... |
| CVE-2014-10392 |
|
|
2019-08-23 |
4.3 |
| The cforms2 plugin before 10.2 for WordPress has XSS. |
| CVE-2014-10393 |
|
|
2019-08-23 |
4.3 |
| The cforms2 plugin before 10.5 for WordPress has XSS. |
| CVE-2017-18578 |
1 Crafty Social Buttons Project |
1 Crafty Social Buttons |
2019-08-23 |
4.3 |
| The crafty-social-buttons plugin before 1.5.8 for WordPress has XSS. |
| CVE-2018-20986 |
|
|
2019-08-23 |
3.5 |
| The advanced-custom-fields plugin before 5.7.8 for WordPress has XSS by authors. |
| CVE-2019-15328 |
1 Codection |
1 Import Users From Csv With Meta |
2019-08-23 |
4.3 |
| The import-users-from-csv-with-meta plugin before 1.14.0.3 for WordPress has XSS. |
| CVE-2019-15327 |
1 Codection |
1 Import Users From Csv With Meta |
2019-08-23 |
4.3 |
| The import-users-from-csv-with-meta plugin before 1.14.1.3 for WordPress has XSS via imported data. |
