Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-10-22 | CVE-2019-16971 | Cross-site Scripting vulnerability in Fusionpbx In FusionPBX up to 4.5.7, the file app\messages\messages_thread.php uses an unsanitized "contact_uuid" variable coming from the URL, which is reflected on 3 occasions in HTML, leading to XSS. | 6.1 |
| 2019-10-22 | CVE-2015-9501 | Cross-site Scripting vulnerability in Artificial Intelligence Project Artificial Intelligence The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root. | 4.3 |
| 2019-10-22 | CVE-2019-8089 | Cross-site Scripting vulnerability in Adobe Experience Manager Forms 6.3/6.4/6.5 Adobe Experience Manager Forms versions 6.3-6.5 have a reflected cross-site scripting vulnerability. | 4.3 |
| 2019-10-22 | CVE-2019-15587 | Cross-site Scripting vulnerability in multiple products In the Loofah gem for Ruby through v2.3.0 unsanitized JavaScript may occur in sanitized output when a crafted SVG element is republished. | 5.4 |
| 2019-10-22 | CVE-2015-9500 | Cross-site Scripting vulnerability in Exquisite Ultimate Newspaper Project Exquisite Ultimate Newspaper 1.3.3 The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js. | 4.3 |
| 2019-10-22 | CVE-2015-9495 | Cross-site Scripting vulnerability in Syndication Links Project Syndication Links The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier. | 4.3 |
| 2019-10-22 | CVE-2015-9494 | Cross-site Scripting vulnerability in Indieweb Post Kinds Project Indieweb Post Kinds The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier. | 4.3 |
| 2019-10-22 | CVE-2015-9493 | Cross-site Scripting vulnerability in Nlb-Creationst MY Wish List The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues. | 4.3 |
| 2019-10-22 | CVE-2019-17189 | Cross-site Scripting vulnerability in Totemo Totemodata 3.0.0B936 totemodata 3.0.0_b936 has XSS via a folder name. | 3.5 |
| 2019-10-21 | CVE-2019-17220 | Cross-site Scripting vulnerability in Rocket.Chat Rocket.Chat before 2.1.0 allows XSS via a URL on a ![title] line. | 4.3 |