Total: 40659 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2015-2329 | 1 Woocommerce | 1 Woocommerce | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.3.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted order. | ||||
| CVE-2015-2324 | 1 10web | 1 Photo Gallery | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in the filemanager in the Photo Gallery plugin before 1.2.13 for WordPress allows remote authenticated users with edit permission to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2015-2249 | 1 Synacor | 1 Zimbra Collaboration Server | 2024-11-21 | 5.4 Medium |
| Zimbra Collaboration before 8.6.0 patch5 has XSS. | ||||
| CVE-2015-2230 | 1 Synacor | 1 Zimbra Collaboration Server | 2024-11-21 | 6.1 Medium |
| Synacor Zimbra Collaboration Server 8.x before 8.7.0 has Reflected XSS in admin console. | ||||
| CVE-2015-2207 | 1 Netcracker | 1 Resource Management System | 2024-11-21 | 5.4 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in NetCracker Resource Management System before 8.2 allow remote authenticated users to inject arbitrary web script or HTML via the (1) ctrl, (2) t90001_0_theform_selection, (3) _scroll, (4) tableName, (5) parent, (6) circuit, (7) return, (8) xname, or (9) mpTransactionId parameter. | ||||
| CVE-2015-20106 | 1 Cbads | 1 Clickbank Affiliate Ads | 2024-11-21 | 4.8 Medium |
| The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | ||||
| CVE-2015-20105 | 1 Cbads | 1 Clickbank Affiliate Ads | 2024-11-21 | 9.6 Critical |
| The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues | ||||
| CVE-2015-20019 | 1 Content Text Slider On Post Project | 1 Content Text Slider On Post | 2024-11-21 | 5.4 Medium |
| The Content text slider on post WordPress plugin before 6.9 does not sanitise and escape the Title and Message/Content settings, which could lead to Cross-Site Scripting issues | ||||
| CVE-2015-1952 | 1 Ibm | 1 Security Appscan | 2024-11-21 | N/A |
| Cross-site scripting (XSS) vulnerability in IBM AppScan Enterprise Edition 9.0.x before 9.0.2 iFix 001 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 103416. | ||||
| CVE-2015-1394 | 1 10web | 1 Photo Gallery | 2024-11-21 | 5.4 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in the Photo Gallery plugin before 1.2.11 for WordPress allow remote authenticated users to inject arbitrary web script or HTML via the (1) sort_by, (2) sort_order, (3) items_view, (4) dir, (5) clipboard_task, (6) clipboard_files, (7) clipboard_src, or (8) clipboard_dest parameters in an addImages action to wp-admin/admin-ajax.php. | ||||
| CVE-2015-1390 | 1 Hp | 1 Airwave | 2024-11-21 | 6.1 Medium |
| Aruba AirWave before 8.0.7 allows XSS attacks against an administrator. | ||||
| CVE-2015-10132 | 1 Wordpress | 1 Wordpress | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic was found in Thimo Grauerholz WP-Spreadplugin up to 3.8.6.1 on WordPress. This vulnerability affects unknown code of the file spreadplugin.php. The manipulation of the argument Spreadplugin leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 3.8.6.6 is able to address this issue. The name of the patch is a9b9afc641854698e80aa5dd9ababfc8e0e57d69. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-261676. | ||||
| CVE-2015-10131 | | | 2024-11-21 | 3.5 Low |
| A vulnerability was found in chrisy TFO Graphviz Plugin up to 1.9 on WordPress and classified as problematic. Affected by this issue is the function admin_page_load/admin_page of the file tfo-graphviz-admin.php. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10 is able to address this issue. The name of the patch is 594c953a345f79e26003772093b0caafc14b92c2. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-258620. | ||||
| CVE-2015-10120 | 1 Webdevstudios | 1 Wds Multisite Aggregate | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in WDS Multisite Aggregate Plugin up to 1.0.0 on WordPress. Affected is the function update_options of the file includes/WDS_Multisite_Aggregate_Options.php. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.0.1 is able to address this issue. The name of the patch is 49e0bbcb6ff70e561365d9e0d26426598f63ca12. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-233364. | ||||
| CVE-2015-10119 | 1 Oomphinc | 1 View All Post's Pages | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, has been found in View All Posts Page Plugin up to 0.9.0 on WordPress. This issue affects the function action_admin_notices_activation of the file view-all-posts-pages.php. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 0.9.1 is able to address this issue. The patch is named bf914f3a59063fa4df8fd4925ae18a5d852396d7. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-233363. | ||||
| CVE-2015-10117 | 1 Webaware | 1 Gf Windcave Free | 2024-11-21 | 3.5 Low |
| A vulnerability, which was classified as problematic, was found in Gravity Forms DPS PxPay Plugin up to 1.4.2 on WordPress. Affected is an unknown function. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. Upgrading to version 1.4.3 is able to address this issue. The name of the patch is 5966a5e6343e3d5610bdfa126a5cfbae95e629b6. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230664. | ||||
| CVE-2015-10110 | 1 Tinychat | 1 Room Spy | 2024-11-21 | 3.5 Low |
| A vulnerability classified as problematic was found in ruddernation TinyChat Room Spy Plugin up to 1.2.8 on WordPress. This vulnerability affects the function wp_show_room_spy of the file room-spy.php. The manipulation of the argument room leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 1.2.9 is able to address this issue. The name of the patch is ab72627a963d61fb3bc31018e3855b08dc94a979. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-230392. | ||||
| CVE-2015-10107 | 1 Simplr Registration Form Plus+ Project | 1 Simplr Registration Form Plus+ | 2024-11-21 | 3.5 Low |
| A vulnerability was found in Simplr Registration Form Plus+ Plugin up to 2.3.4 on WordPress and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The attack may be initiated remotely. Upgrading to version 2.3.5 is able to address this issue. The identifier of the patch is d588446844dd49232ab400ef213ff5b92121c33e. It is recommended to upgrade the affected component. The identifier VDB-230153 was assigned to this vulnerability. | ||||
| CVE-2015-10098 | 1 Wpmudev | 1 Broken Link Checker | 2024-11-21 | 3.5 Low |
| A vulnerability was found in Broken Link Checker Plugin up to 1.10.5 on WordPress. It has been rated as problematic. Affected by this issue is the function print_module_list/show_warnings_section_notice/status_text/ui_get_action_links. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 1.10.6 is able to address this issue. The name of the patch is f30638869e281461b87548e40b517738b4350e47. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-225152. | ||||
| CVE-2015-10094 | 1 Fastly | 1 Fastly | 2024-11-21 | 2.4 Low |
| A vulnerability was found in Fastly Plugin up to 0.97 on WordPress. It has been rated as problematic. Affected by this issue is the function post of the file lib/api.php. The manipulation of the argument url leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.98 is able to address this issue. The patch is identified as d7fe42538f4d4af500e3af9678b6b06fba731656. It is recommended to upgrade the affected component. VDB-222326 is the identifier assigned to this vulnerability. | ||||