Total
40662 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-9549 | 1 Ocportal | 1 Ocportal | 2024-11-21 | 6.1 Medium |
| A reflected Cross-site Scripting (XSS) vulnerability exists in OcPortal 9.0.20 via the OCF_EMOTICON_CELL.tpl FIELD_NAME field to data/emoticons.php. | ||||
| CVE-2015-9539 | 1 Fast Secure Contact Form Project | 1 Fast Secure Contact Form | 2024-11-21 | 6.1 Medium |
| The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows fs_contact_form1[welcome] XSS. | ||||
| CVE-2015-9537 | 1 Imagely | 1 Nextgen Gallery | 2024-11-21 | 5.4 Medium |
| The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, and wmYpos, and template. | ||||
| CVE-2015-9504 | 1 Weeklynews Theme Project | 1 Weeklynews Theme | 2024-11-21 | 6.1 Medium |
| The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter. | ||||
| CVE-2015-9503 | 1 Webmandesign | 1 Modern Theme | 2024-11-21 | 6.1 Medium |
| The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier. | ||||
| CVE-2015-9502 | 1 Webmandesign | 1 Auberge Theme | 2024-11-21 | 6.1 Medium |
| The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier. | ||||
| CVE-2015-9501 | 1 Artificial Intelligence Project | 1 Artificial Intelligence | 2024-11-21 | 6.1 Medium |
| The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root. | ||||
| CVE-2015-9500 | 1 Exquisite Ultimate Newspaper Project | 1 Exquisite Ultimate Newspaper | 2024-11-21 | 6.1 Medium |
| The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js. | ||||
| CVE-2015-9495 | 1 Syndication Links Project | 1 Syndication Links | 2024-11-21 | 6.1 Medium |
| The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier. | ||||
| CVE-2015-9494 | 1 Indieweb Post Kinds Project | 1 Indieweb Post Kinds | 2024-11-21 | 6.1 Medium |
| The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier. | ||||
| CVE-2015-9493 | 1 Nlb-creationst | 1 My Wish List | 2024-11-21 | 6.1 Medium |
| The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues. | ||||
| CVE-2015-9478 | 1 No-margin-for-error | 1 Prettyphoto | 2024-11-21 | 6.1 Medium |
| prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS. | ||||
| CVE-2015-9472 | 1 Monitorbacklinks | 1 Incoming Links | 2024-11-21 | 6.1 Medium |
| The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header. | ||||
| CVE-2015-9469 | 1 Cybercraftit | 1 Content-grabber | 2024-11-21 | 4.8 Medium |
| The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id. | ||||
| CVE-2015-9468 | 1 K-78 | 1 Broken Link Manager | 2024-11-21 | 6.1 Medium |
| The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action. | ||||
| CVE-2015-9459 | 1 Seo Searchterms Tagging 2 Project | 1 Seo Searchterms Tagging 2 | 2024-11-21 | 6.1 Medium |
| The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter. | ||||
| CVE-2015-9453 | 1 K-78 | 1 Broken Link Manager | 2024-11-21 | 6.1 Medium |
| The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist. | ||||
| CVE-2015-9444 | 1 Altosresearch | 1 Altos-connect | 2024-11-21 | 6.1 Medium |
| The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF. | ||||
| CVE-2015-9439 | 1 Addthis | 1 Addthis | 2024-11-21 | 4.8 Medium |
| The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter. | ||||
| CVE-2015-9438 | 1 Display-widgets Project | 1 Display-widgets | 2024-11-21 | 5.4 Medium |
| The display-widgets plugin before 2.04 for WordPress has XSS via the wp-admin/admin-ajax.php?action=dw_show_widget id_base, widget_number, or instance parameter. | ||||