| CVE | Vendors | Products | Updated | CVSS v3.1 |
| A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script or HTML code in the context of the interface, which could allow the attacker to gain access to sensitive, browser-based information. |
| The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data. |
| Intesync Solismed 3.3sp has XSS. |
| Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page. |
| The JobCareer theme before 2.5.1 for WordPress has stored XSS. |
| The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action. |
| The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS. |
| JetBrains TeamCity 2019.1 and 2019.1.1 allow cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user. |
| The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. |
| The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. |
| The webp-express plugin before 0.14.8 for WordPress has stored XSS. |
| The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. |
| The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. |
| The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. |
| The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. |
| The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. |
| The easy-property-listings plugin before 3.4 for WordPress has XSS. |
| The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. |
| Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML. |
| In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS. |