Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-09-17 | CVE-2016-10976 | Cross-site Scripting vulnerability in Kodebyraaet Safe Editor 1.0/1.1 The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS. | 4.3 |
| 2019-09-17 | CVE-2016-10975 | Cross-site Scripting vulnerability in Tonjoostudio Fluid-Responsive-Slideshow The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter. | 4.3 |
| 2019-09-16 | CVE-2019-8368 | Cross-site Scripting vulnerability in Open-Emr Openemr 5.0.16 OpenEMR v5.0.1-6 allows XSS. | 4.3 |
| 2019-09-16 | CVE-2019-15739 | Cross-site Scripting vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. | 4.3 |
| 2019-09-16 | CVE-2019-15724 | Cross-site Scripting vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. | 4.3 |
| 2019-09-16 | CVE-2016-10973 | Cross-site Scripting vulnerability in Brafton The Brafton plugin before 3.4.8 for WordPress has XSS via the wp-admin/admin.php?page=BraftonArticleLoader tab parameter to BraftonAdminPage.php. | 4.3 |
| 2019-09-16 | CVE-2019-15950 | Cross-site Scripting vulnerability in Redmineup CRM The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data. | 4.3 |
| 2019-09-16 | CVE-2019-16197 | Cross-site Scripting vulnerability in Dolibarr Erp/Crm 10.0.1 In htdocs/societe/card.php in Dolibarr 10.0.1, the value of the User-Agent HTTP header is copied into the HTML document as plain text between tags, leading to XSS. | 6.1 |
| 2019-09-16 | CVE-2016-10970 | Cross-site Scripting vulnerability in Supportflow Project Supportflow The supportflow plugin before 0.7 for WordPress has XSS via a ticket excerpt. | 4.3 |
| 2019-09-16 | CVE-2016-10969 | Cross-site Scripting vulnerability in Supportflow Project Supportflow The supportflow plugin before 0.7 for WordPress has XSS via a discussion ticket title. | 4.3 |