CWE:
 

Topic
Date
Author
Low
nuevoMailer v.4.00 Cross-Site Scripting Vulnerability
17.10.2017
P4kL0nc4t
Low
WordPress Influencer Marketing And Press Release System 2.2 XSS
17.10.2017
Ricardo Sanchez
Low
Webtrekk Pixel Tracking Cross Site Scripting
17.10.2017
SEC Consult
Med.
E-Sic Software livre CMS 1.0 Cross Site Scripting / SQL Injection
16.10.2017
Elber Tavares
Low
DreamBox BouquetEditor 2.0.0 Cross Site Scripting
13.10.2017
Thiago "THX" Sena
Low
WordPress Pootle Button 1.1.1 Cross Site Scripting
13.10.2017
Ricardo Sanchez
Low
WordPress PopCash.Net Publisher Code Integration 1.0 Cross Site Scripting
12.10.2017
Ricardo Sanchez
Low
OctoberCMS 1.0.425 Cross Site Scripting
12.10.2017
Ishaq Mohammed
Low
WordPress WP-Contact-Widgets 1.4.1 Cross Site Scripting
12.10.2017
Boumediene KADDOUR
Low
WordPress TR Easy Google Analytics 1.0.0 Cross Site Scripting
11.10.2017
Ricardo Sanchez
Low
Lansweeper 6.0.0.63 Cross Site Scripting
08.10.2017
Multiple
Low
EPESI 1.8.2 Revision 20170830 Cross Site Scripting
05.10.2017
Zeeshan Shaikh
Low
SmarterStats 11.3.6347 Cross Site Scripting
02.10.2017
David Hoyt
Med.
WordPress Content Audit 1.9.1 Cross Site Request Forgery / Cross Site Scripting
28.09.2017
Tom Adams
Low
Sitefinity CMS 9.2 Cross-Site Scripting
26.09.2017
Pralhad Chaskar
Med.
Kaltura 13.1.0 Code Execution / Cross Site Scripting
25.09.2017
Robin Verton
Low
CMS TMBA Co Cross Site Scripting
22.09.2017
Mostafa.Akbarzadeh
Low
WordPress 2kb Amazon Affiliates Store 2.1.0 Cross Site Scripting
21.09.2017
Ricardo Sanchez
Low
SUSE/Portus 2.2 Cross Site Scripting
19.09.2017
rsanchezr
Low
SilverStrip CMS 3.5.3 Cross Site Scripting
15.09.2017
Anonymous
Low
Divar Cross Site Scripting
12.09.2017
ArashHC
High
D-Link 850L XSS Backdoor and Code Execution
10.09.2017
Pierre Kim
Low
WordPress Training Membership 1.0.8 Cross Site Scripting
10.09.2017
8bitsec
Low
CMS Showcase 1.0 Cross Site Scripting
10.09.2017
Felipe "Renzi" Gabriel
Med.
EE 4GEE Wireless Router EE60_00_05.00_25 XSS / CSRF / Disclosure
10.09.2017
James Hemmings
Low
IWEBSOUL CMS - Multiple Cross Site Scripting Vulnerabilities
08.09.2017
Renzi
Low
Wordpress cool-flickr-slideshow Plugin Cross Site Scripting(xss)
07.09.2017
Ashiyane Digital Secur...
Low
Wordpress Contact Form 7 International Sms Integration Plugin Cross Site Scripting
07.09.2017
Ashiyane Digital Secur...
Low
Subrion Cms Cross Site Scripting (XSS)
07.09.2017
Ashiyane Digital Secur...
Low
WordPress Plugin Participants Database < 1.7.5.10 Cross-Site Scripting
05.09.2017
Benjamin Lim
Low
MISP 2.4.79 Cross Site Scripting
30.08.2017
Deloitte Zero Day
Low
Eleanor CMS v0.9 Stored Cross Site Scripting
24.08.2017
Iran Cyber Security Gr...
Med.
Progress Sitefinity 9.1 XSS / Session Management / Open Redirect
23.08.2017
SEC Consult
Med.
Backdrop CMS 1.7.1 Cross Site Scripting
23.08.2017
Manuel Garcia Cardenas
High
QuantaStor Software Defined Storage < 4.3.1 Multiple Vulnerabilities
18.08.2017
Nahuel D. Sanchez, VVV...
Low
Quali CloudShell 7.1.0.6508 (Patch 6) Persistent Cross Site Scripting
14.08.2017
Benjamin Lee
Low
WordPress PressForward 4.3.0 Cross Site Scripting
11.08.2017
Neven Biruski
Low
CMS Made Simple - Reflected Cross-Site Scripting
08.08.2017
Renzi
Low
WordPress GamePlan Event And Gym Fitness Theme 1.5.13.2 Cross Site Scripting
06.08.2017
Kushal Jaisingh
Low
Axis 2100 Network Camera 2.43 Cross Site Scripting
04.08.2017
Nassim Asrir
Low
Technicolor TC7337 Cross Site Scripting
03.08.2017
Geolado Giolado
Low
TYPO3 Formhandler 2.4.0 Cross Site Scripting
01.08.2017
RedTeam
Med.
Flash Slideshow Maker Professional XSS / Content Forgery / Redirect
01.08.2017
ret2eax
Low
FortiOS <= 5.6.0 Multiple XSS Vulnerabilities
28.07.2017
Patryk Bogdan
Low
WordPress FormCraft Form Builder 3.2.31 Cross Site Scripting
26.07.2017
8bitsec
Low
WordPress Ultimate Affiliate Pro 3.6 Cross Site Scripting
26.07.2017
8bitsec
Low
WebMotionUK CMS Reflected Cross site scripting(xss) Vulnerability
26.07.2017
Ashiyane Digital Secur...
High
WebKit JSC JSObject::putInlineSlow & JSValue::putToPrimitive XSS
25.07.2017
lokihardt
Med.
PaulShop Cross Site Scripting / SQL Injection
25.07.2017
BTIS Team
Low
Ubiquiti Networks EP-R6 / ER-X / ER-X-SFP Cross Site Scripting
25.07.2017
SEC Consult
Low
REDDOXX Appliance Cross Site Scripting
25.07.2017
RedTeam
Low
Oracle Web Center 11.1.1.9.0 / 12.2.1.1.0 / 12.2.1.2.0 XSS
23.07.2017
Owais
Low
WordPress Task Manager Pro 1.31 Cross Site Scripting
21.07.2017
8bitsec
Low
PEGA Platform 7.2 ML0 Missing Access Control / Cross Site Scripting
19.07.2017
Daniel Correa
Low
Vodafone Italia Webmail Cross Site Scripting
14.07.2017
theMiddle
Med.
AGFEO Smart Home ES 5xx / 6xx Authentication Bypass / XSS / Hardcoded Credentials
12.07.2017
SEC
Low
RaidenHTTPD 2.0.44 User-Agent Cross Site Scripting
12.07.2017
sultan albalawi
Low
CMS Showcase - Multiple Reflected Cross-Site Scripting
12.07.2017
Renzi
Low
ObjectPlanet Opinio 7.6.3 Cross Site Scripting
12.07.2017
Kasper Karlsson
Low
Wordpress Plugin How-Interest Cross-Site Scripting
11.07.2017
@wazehell
Low
kiteworks by Accellion - Reflected XSS
11.07.2017
bRpsd
Low
Rise Ultimate Project Manager 1.8 Cross Site Scripting
11.07.2017
8bitsec
Low
Schneider Electric Pelco Sarix/Spectra Cameras XSS
11.07.2017
Gjoko 'LiquidWorm' Krs...
Low
Joomla Akobook Component Cross-Site Scripting
10.07.2017
Obsidian Cyber Team
Med.
Yaws 2.0 Cross Site Scripting
05.07.2017
sultan albalawi
Low
Humax Digital HG100R 2.0.6 XSS / Information Disclosure
04.07.2017
The Gambler
Low
Webmin 1.840 Cross Site Scripting
04.07.2017
Andy Tan
Low
Xenforo Forum CMS 1.5.13 Cross Site Scripting
04.07.2017
insecurity
Low
Microsoft Dynamic CRM 2016 Cross Site Scripting
01.07.2017
GrA(c)gory Draperi
Med.
Kaspersky Anti-Virus File Server 8.0.3.297 XSS / CSRF / Code Execution
29.06.2017
CORE
Med.
Cisco Prime Infrastructure 3.1.6 XXE Injection / XSS / LFD / SQL Injection
25.06.2017
SEC Consult
Low
SimpleRisk v20170416-001 Reflected XSS Vulnerabilities
22.06.2017
Gjoko 'LiquidWorm' Krs...
Low
WordPress Download Manager 2.9.46 / 2.9.51 Cross Site Scripting
21.06.2017
Tom Adams
Low
Ektron CMS 9.10SP1 Cross Site Scripting
20.06.2017
Siyavash and Edmund
Low
SadafBlog Script Cross Site Scripting Stored
19.06.2017
GIST
Med.
Invision Power Board 4.1.19.2 XSS / CSRF / File Upload / Disclosure
15.06.2017
insecurity
Med.
SimpleCE 2.3.0 Cross Site Request Forgery / Cross Site Scripting
15.06.2017
8bitsec
Med.
Camstudio 2.0 XSS / XSF / Content Forgery
15.06.2017
insecurity
Low
MyBB 1.8.12 Stored XSS / File Enumeration
14.06.2017
5tarboy
Low
Evolution Script CMS 5.3 Cross Site Scripting
13.06.2017
Vulnerability Lab
Low
RSA Products Cross Site Scripting
12.06.2017
Lukasz Plonka
Low
Evolution Script CMS v5.3 - Cross Site Scripting Vulnerability
12.06.2017
Vulnerability Lab
Low
Composr CMS v10.0.0 - Cross Site Scripting Vulnerability
12.06.2017
Vulnerability Lab
High
Craft CMS 2.6 Cross Site Scripting / File Upload
08.06.2017
Ahsan Tahir
Low
Sophos Cyberoam Cross Site Scripting
07.06.2017
Bhadresh
Low
GravCMS Core 1.4.2 Cross Site Scripting
07.06.2017
Ahsan Tahir
High
Perch CMS 3.0.3 Cross Site Scripting / File Upload
07.06.2017
Vulnerability Lab
Low
Subsonic 6.1.1 Persistent XSS
06.06.2017
hyp3rlinx
Low
WordPress No External Links 3.5.17 Cross Site Scripting
03.06.2017
DefenseCode
Med.
WordPress Tribulant Newsletters 4.6.4.2 XSS / File Disclosure
03.06.2017
DefenseCode
Low
WebKit CachedFrameBase::restore Universal Cross Site Scripting
01.06.2017
lokihardt
Low
WebKit Document::prepareForDestruction / CachedFrame Universal XSS
01.06.2017
lokihardt
Low
WebKit CachedFrame Universal Cross Site Scripting
01.06.2017
lokihardt
Low
WordPress Simple Slideshow Manager 2.2 Cross Site Scripting
31.05.2017
DefenceCode
Low
ampache v3.8.2 Cross Site Scripting
30.05.2017
hyp3rlinx
Low
Aries QWR-1104 Wireless-N Cross Site Scripting
28.05.2017
Touhid M.Shaikh
Low
Sunell IPCAMERA IPR54/14AKDN(II)/13 Cross Site Scripting
28.05.2017
Stephan Sekula
Low
WordPress AffiliateWP 2.0.8 Cross Site Scripting
28.05.2017
defensecode
Low
WordPress All In One Schema.org Rich Snippets 1.4.1 XSS
28.05.2017
defensecode
Low
Sunell IPR54/14AKDN(II)/13 Cross Site Scripting
28.05.2017
Stephan Sekula


CVEMAP Search Results

CVE
Details
Description
2015-02-19
Low
CVE-2014-6301

Vendor: Pnmsoft
Software: Sequence kin...
 

 
Multiple cross-site scripting (XSS) vulnerabilities in the tables-management module in PNMsoft Sequence Kinetics before 7.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 
Low
CVE-2015-1603

Vendor: Adminsystems cms project
Software: Adminsystems cms
 

 
Multiple cross-site scripting (XSS) vulnerabilities in Adminsystems CMS before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php or (2) id parameter in a users_users action to asys/site/system.php.

 
Low
CVE-2015-1879

Vendor: Google doc embedder
Software: Google doc e...
 

 
Cross-site scripting (XSS) vulnerability in the Google Doc Embedder plugin before 2.5.19 for WordPress allows remote attackers to inject arbitrary web script or HTML via the profile parameter in an edit action in the gde-settings page to wp-admin/options-general.php.

 
2015-02-18
Low
CVE-2015-0623

Vendor: Cisco
Software: Web security...
 

 
Cross-site scripting (XSS) vulnerability in the Administrator report page on Cisco Web Security Appliance (WSA) devices allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka Bug ID CSCus40627.

 
2015-02-17
Low
CVE-2015-1617

Vendor: Mcafee
Software: Data loss pr...
 

 
Cross-site scripting (XSS) vulnerability in the ePO extension in McAfee Data Loss Prevention Endpoint (DLPe) before 9.3.400 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

 
Low
CVE-2015-1619

Vendor: Mcafee
Software: Email gateway
 

 
Cross-site scripting (XSS) vulnerability in the Secure Web Mail Client user interface in McAfee Email Gateway (MEG) 7.6.x before 7.6.3.2, 7.5.x before 75.6, 7.0.x through 7.0.5, 5.6, and earlier allows remote authenticated users to inject arbitrary web script or HTML via unspecified tokens in Digest messages.

 
Low
CVE-2015-1621

Vendor: Webform prepopulate block project
Software: Webform prep...
 

 
Cross-site scripting (XSS) vulnerability in the Webform prepopulate block module before 7.x-3.1 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.

 
2015-02-12
Low
CVE-2015-0873

Vendor: Homepage decorator
Software: Perltreebbs
 

 
Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlTreeBBS 2.30 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

 
2015-02-11
Low
CVE-2015-1582

Vendor: Web-dorado
Software: Spider facebook
 

 
Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the appid parameter in a registration task to the default URI or remote administrators to inject arbitrary web script or HTML via the (2) asc_or_desc, (3) order_by, (4) page_number, (5) serch_or_not, or (6) search_events_by_title parameter in (a) the Spider_Facebook_manage page to wp-admin/admin.php or a (b) selectpagesforfacebook or (c) selectpostsforfacebook action to wp-admin/admin-ajax.php.

 
Low
CVE-2015-1575

Vendor: YUBA
Software: U5cms
 

 
Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p parameter to index.php; the (5) a or (6) b parameter to u5admin/cookie.php; the name parameter to (7) copy.php or (8) delete.php in u5admin/; the (9) f or (10) typ parameter to u5admin/deletefile.php; the (11) n parameter to u5admin/done.php; the (12) c parameter to u5admin/editor.php; the (13) uri parameter to u5admin/meta2.php; the (14) n parameter to u5admin/notdone.php; the (15) newname parameter to u5admin/rename2.php; the (16) l parameter to u5admin/sendfile.php; the (17) s parameter to u5admin/characters.php; the (18) page parameter to u5admin/savepage.php; or the (19) name parameter to u5admin/new2.php.

 

 


Copyright 2017, cxsecurity.com

 

Back to Top