Total
40965 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-17239 | 1 Wpfactory | 1 Download Plugins And Themes From Dashboard | 2024-11-21 | 6.1 Medium |
| includes/settings/class-alg-download-plugins-settings.php in the download-plugins-dashboard plugin through 1.5.0 for WordPress has multiple unauthenticated stored XSS issues. | ||||
| CVE-2019-17236 | 1 Getigniteup | 1 Igniteup | 2024-11-21 | 6.1 Medium |
| includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress is vulnerable to stored XSS. | ||||
| CVE-2019-17233 | 1 Etoilewebdesign | 1 Ultimate Faq | 2024-11-21 | 6.1 Medium |
| Functions/EWD_UFAQ_Import.php in the ultimate-faqs plugin through 1.8.24 for WordPress allows HTML content injection. | ||||
| CVE-2019-17231 | 1 Mageewp | 1 Onetone | 2024-11-21 | 6.1 Medium |
| includes/theme-functions.php in the OneTone theme through 3.0.6 for WordPress has multiple stored XSS issues. | ||||
| CVE-2019-17229 | 1 Stylemixthemes | 1 Motors - Car Dealer\, Classifieds \& Listing | 2024-11-21 | 6.1 Medium |
| includes/options.php in the motors-car-dealership-classified-listings (aka Motors - Car Dealer & Classified Ads) plugin through 1.4.0 for WordPress has multiple stored XSS issues. | ||||
| CVE-2019-17226 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 4.8 Medium |
| CMS Made Simple (CMSMS) 2.2.11 allows XSS via the Site Admin > Module Manager > Search Term field. | ||||
| CVE-2019-17225 | 1 Intelliants | 1 Subrion | 2024-11-21 | 5.4 Medium |
| Subrion 4.2.1 allows XSS via the panel/members/ Username, Full Name, or Email field, aka an "Admin Member JSON Update" issue. | ||||
| CVE-2019-17223 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 6.1 Medium |
| There is HTML Injection in the Note field in Dolibarr ERP/CRM 10.0.2 via user/note.php. | ||||
| CVE-2019-17222 | 1 Intelbras | 2 Wrn 150, Wrn 150 Firmware | 2024-11-21 | 6.1 Medium |
| An issue was discovered on Intelbras WRN 150 1.0.17 devices. There is stored XSS in the Service Name tab of the WAN configuration screen, leading to a denial of service (inability to change the configuration). | ||||
| CVE-2019-17220 | 1 Rocket.chat | 1 Rocket.chat | 2024-11-21 | 6.1 Medium |
| Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. | ||||
| CVE-2019-17214 | 1 Webarxsecurity | 1 Webarx | 2024-11-21 | 7.5 High |
| The WebARX plugin 1.3.0 for WordPress allows firewall bypass by appending &cc=1 to a URI. | ||||
| CVE-2019-17213 | 1 Webarxsecurity | 1 Webarx | 2024-11-21 | 6.1 Medium |
| The WebARX plugin 1.3.0 for WordPress has unauthenticated stored XSS via the URI or the X-Forwarded-For HTTP header. | ||||
| CVE-2019-17207 | 1 Managewp | 1 Broken Link Checker | 2024-11-21 | 5.4 Medium |
| A reflected XSS vulnerability was found in includes/admin/table-printer.php in the broken-link-checker (aka Broken Link Checker) plugin 1.11.8 for WordPress. This allows unauthorized users to inject client-side JavaScript into an admin-only WordPress page via the wp-admin/tools.php?page=view-broken-links s_filter parameter in a search action. | ||||
| CVE-2019-17205 | 1 Teampass | 1 Teampass | 2024-11-21 | 6.1 Medium |
| TeamPass 2.1.27.36 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed. | ||||
| CVE-2019-17204 | 1 Teampass | 1 Teampass | 2024-11-21 | 5.4 Medium |
| TeamPass 2.1.27.36 allows Stored XSS by setting a crafted Knowledge Base label and adding any available item. | ||||
| CVE-2019-17203 | 1 Teampass | 1 Teampass | 2024-11-21 | 5.4 Medium |
| TeamPass 2.1.27.36 allows Stored XSS at the Search page by setting a crafted password for an item in any folder. | ||||
| CVE-2019-17189 | 1 Totemo | 1 Totemodata | 2024-11-21 | 5.4 Medium |
| totemodata 3.0.0_b936 has XSS via a folder name. | ||||
| CVE-2019-17179 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.1 Medium |
| 4.1.0, 4.1.1, 4.1.2, 4.1.2.3, 4.1.2.6, 4.1.2.7, 4.2.0, 4.2.1, 4.2.2, 5.0.0, 5.0.0.5, 5.0.0.6, 5.0.1, 5.0.1.1, 5.0.1.2, 5.0.1.3, 5.0.1.4, 5.0.1.5, 5.0.1.6, 5.0.1.7, 5.0.2, fixed in version 5.0.2.1 | ||||
| CVE-2019-17176 | 1 Genesys | 1 Eservices Chat | 2024-11-21 | 6.1 Medium |
| Genesys PureEngage Digital (eServices) 8.1.x allows XSS via HtmlChatPanel.jsp or HtmlChatFrameSet.jsp (ActionColor, ClientNickNameColor, Email, email, or email_address parameter). | ||||
| CVE-2019-17127 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 6.1 Medium |
| A Stored Client Side Template Injection (CSTI) with Angular was discovered in the SolarWinds Orion Platform 2019.2 HF1 in many application forms. An attacker can inject an Angular expression and escape the Angular sandbox to achieve stored XSS. This can lead to privilege escalation. | ||||