Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK

2019-10-16 CVE-2019-17577 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.2
An issue was discovered in Dolibarr 10.0.2.
network, low complexity, dolibarr, CWE-79
Risk: 5.4

2019-10-16 CVE-2019-17576 Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.2
An issue was discovered in Dolibarr 10.0.2.
network, low complexity, dolibarr, CWE-79
Risk: 5.4

2019-10-16 CVE-2019-17660 Cross-site Scripting vulnerability in Limesurvey
A cross-site scripting (XSS) vulnerability in admin/translate/translateheader_view.php in LimeSurvey 3.19.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the tolang parameter, as demonstrated by the index.php/admin/translate/sa/index/surveyid/336819/lang/ PATH_INFO.
network, limesurvey, CWE-79
Risk: 4.3

2019-10-16 CVE-2019-11281 Cross-site Scripting vulnerability in multiple products
Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16.6, and versions 1.17.x prior to 1.17.3, contain two components, the virtual host limits page, and the federation management UI, which do not properly sanitize user input.
Risk: 4.8

2019-10-16 CVE-2019-16523 Cross-site Scripting vulnerability in Wp-Events-Plugin Events Manager
The events-manager plugin through 5.9.5 for WordPress (aka Events Manager) is susceptible to Stored XSS due to improper encoding and insertion of data provided to the attribute map_style of shortcodes (locations_map and events_map) provided by the plugin.
Risk: 3.5

2019-10-16 CVE-2019-16522 Cross-site Scripting vulnerability in EU Cookie LAW Project EU Cookie LAW
The eu-cookie-law plugin through 3.0.6 for WordPress (aka EU Cookie Law (GDPR)) is susceptible to Stored XSS due to improper encoding of several configuration options in the admin area and the displayed cookie consent message.
Risk: 3.5

2019-10-16 CVE-2019-16521 Cross-site Scripting vulnerability in Managewp Broken Link Checker
The broken-link-checker plugin through 1.11.8 for WordPress (aka Broken Link Checker) is susceptible to Reflected XSS due to improper encoding and insertion of an HTTP GET parameter into HTML.
network, managewp, CWE-79
Risk: 4.3

2019-10-16 CVE-2019-17630 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "News > Add Article" screen.
Risk: 3.5

2019-10-16 CVE-2019-17629 Cross-site Scripting vulnerability in Cmsmadesimple CMS Made Simple 2.2.11
CMS Made Simple (CMSMS) 2.2.11 allows stored XSS by an admin via a crafted image filename on the "file manager > upload images" screen.
Risk: 3.5

2019-10-16 CVE-2019-16520 Cross-site Scripting vulnerability in ONE SEO Pack
The all-in-one-seo-pack plugin before 3.2.7 for WordPress (aka All in One SEO Pack) is susceptible to Stored XSS due to improper encoding of the SEO-specific description for posts provided by the plugin via unsafe placeholder replacement.
Risk: 3.5