Vulnerabilities (CVE)

CWE filter

CWE-79

Filter

8964 total CVE
CVE Vendors Products Updated CVSS
CVE-2019-14227 1 Open-xchange 1 Open-xchange Appsuite 2019-10-16 4.3
OX App Suite 7.10.1 and 7.10.2 allows XSS.
CVE-2019-17535 1 Gilacms 1 Gila Cms 2019-10-16 4.3
Gila CMS through 1.11.4 allows blog-list.php XSS, in both the gila-blog and gila-mag themes, via the search parameter, a related issue to CVE-2019-9647.
CVE-2019-17504 1 Kirona 1 Dynamic Resource Scheduling 2019-10-16 4.3
An issue was discovered in Kirona Dynamic Resource Scheduling (DRS) 5.5.3.5. A reflected Cross-site scripting (XSS) vulnerability allows remote attackers to inject arbitrary web script via the /osm/report/ password parameter.
CVE-2010-5339 2019-10-15 4.3
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][uid] is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5338 2019-10-15 4.3
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][action] is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5337 2019-10-15 4.3
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/basic/ with the parameter _dlg[captcha][controller] is non-persistent in 10.1.3 and 10.2.0.
CVE-2010-5340 2019-10-15 4.3
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: webmail/ with the parameter password is non-persistent in 10.2.0.
CVE-2010-5336 2019-10-15 4.3
IceWarp Webclient before 10.2.1 has XSS via an HTTP POST request: admin/login.html with the parameter username is persistent in 10.2.0.
CVE-2015-9472 1 Monitorbacklinks 1 Incoming Links 2019-10-15 4.3
The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header.
CVE-2019-17496 1 Craftcms 1 Craft Cms 2019-10-15 4.3
Craft CMS before 3.3.8 has stored XSS via a name field. This field is mishandled during site deletion.
CVE-2019-17494 1 Laravel-bjyblog Project 1 Laravel-bjyblog 2019-10-15 4.3
laravel-bjyblog 6.1.1 has XSS via a crafted URL.
CVE-2015-9478 2019-10-15 4.3
prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS.
CVE-2019-17108 1 Centreon 1 Centreon Web 2019-10-15 4.3
Local file inclusion in brokerPerformance.php in Centreon Web before 2.8.28 allows attackers to disclose information or perform a stored XSS attack on a user.
CVE-2019-17488 1 B3log 1 Symphony 2019-10-15 4.3
b3log Symphony (aka Sym) before 3.6.0 has XSS via the HTTP User-Agent header.
CVE-2019-17092 1 Openproject 1 Openproject 2019-10-14 4.3
An XSS vulnerability in project list in OpenProject before 9.0.4 and 10.x before 10.0.2 allows remote attackers to inject arbitrary web script or HTML via the sortBy parameter because error messages are mishandled.
CVE-2016-10873 1 Wpseeds 1 Wp Database Backup 2019-10-12 4.3
The wp-database-backup plugin before 4.3.3 for WordPress has XSS.
CVE-2019-12707 1 Cisco 3 Unified Communications Manager, Unified Communications Manager Im And Presence Service, Unity Connection 2019-10-11 4.3
A vulnerability in the web-based interface of multiple Cisco Unified Communications products could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected...
CVE-2019-17070 1 Lqd 1 Liquid Speech Balloon 2019-10-11 4.3
The liquid-speech-balloon (aka LIQUID SPEECH BALLOON) plugin 1.0.5 for WordPress allows XSS with Internet Explorer.
CVE-2015-9459 1 Seo Searchterms Tagging 2 Project 1 Seo Searchterms Tagging 2 2019-10-11 4.3
The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter.
CVE-2015-9468 1 K-78 1 Broken Link Manager 2019-10-11 4.3
The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action.