Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2019-03-24 CVE-2019-9978 Cross-site Scripting vulnerability in Warfareplugins Social Warfare and Social Warfare PRO
The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019.
network
low complexity
warfareplugins CWE-79
6.1
6.1
2019-03-22 CVE-2018-20165 Cross-site Scripting vulnerability in Opentext Portal 7.4.4
Cross-site scripting (XSS) vulnerability in OpenText Portal 7.4.4 allows remote attackers to inject arbitrary web script or HTML via the vgnextoid parameter to a menuitem URI.
network
low complexity
opentext CWE-79
6.1
6.1
2019-03-22 CVE-2019-9925 Cross-site Scripting vulnerability in S-Cms 1.0
S-CMS PHP v1.0 has XSS in 4.edu.php via the S_id parameter.
network
low complexity
s-cms CWE-79
6.1
6.1
2019-03-22 CVE-2019-9914 Cross-site Scripting vulnerability in Yop-Poll
The yop-poll plugin before 6.0.3 for WordPress has wp-admin/admin.php?page=yop-polls&action=view-votes poll_id XSS.
network
low complexity
yop-poll CWE-79
6.1
6.1
2019-03-22 CVE-2019-9913 Cross-site Scripting vulnerability in 3CX Live Chat
The wp-live-chat-support plugin before 8.0.18 for WordPress has wp-admin/admin.php?page=wplivechat-menu-gdpr-page term XSS.
network
low complexity
3cx CWE-79
6.1
6.1
2019-03-22 CVE-2019-9912 Cross-site Scripting vulnerability in Codecabin WP GO Maps
The wp-google-maps plugin before 7.10.43 for WordPress has XSS via the wp-admin/admin.php PATH_INFO.
network
low complexity
codecabin CWE-79
6.1
6.1
2019-03-22 CVE-2019-9911 Cross-site Scripting vulnerability in Nextscripts Social Networks Auto Poster
The social-networks-auto-poster-facebook-twitter-g plugin before 4.2.8 for WordPress has wp-admin/admin.php?page=nxssnap-reposter&action=edit item XSS.
network
low complexity
nextscripts CWE-79
6.1
6.1
2019-03-22 CVE-2019-9910 Cross-site Scripting vulnerability in King-Theme Kingcomposer 2.7.6
The kingcomposer plugin 2.7.6 for WordPress has wp-admin/admin.php?page=kc-mapper id XSS.
network
low complexity
king-theme CWE-79
6.1
6.1
2019-03-22 CVE-2019-9909 Cross-site Scripting vulnerability in Givewp
The "Donation Plugin and Fundraising Platform" plugin before 2.3.1 for WordPress has wp-admin/edit.php csv XSS.
network
low complexity
givewp CWE-79
6.1
6.1
2019-03-22 CVE-2019-9908 Cross-site Scripting vulnerability in Hivewebstudios Font Organizer 2.1.1
The font-organizer plugin 2.1.1 for WordPress has wp-admin/options-general.php manage_font_id XSS.
network
low complexity
hivewebstudios CWE-79
6.1
6.1