Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK

2019-09-16 CVE-2016-10967 Cross-site Scripting vulnerability in Creativeinteractivemedia Real3D Flipbook 1.0
The real3d-flipbook-lite plugin 1.0 for WordPress has XSS via the wp-content/plugins/real3d-flipbook/includes/flipbooks.php bookId parameter.
Risk: 4.3

2019-09-16 CVE-2016-10964 Cross-site Scripting vulnerability in Findshorty Dwnldr
The dwnldr plugin before 1.01 for WordPress has XSS via the User-Agent HTTP header.
Tags: network, findshorty, CWE-79
Risk: 4.3

2019-09-16 CVE-2016-10963 Cross-site Scripting vulnerability in Icegram Engage
The icegram plugin before 1.9.19 for WordPress has XSS.
Tags: network, low complexity, icegram, CWE-79
Risk: 6.1

2019-09-16 CVE-2016-10961 Cross-site Scripting vulnerability in Inkthemes Colorway
The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter.
Tags: network, low complexity, inkthemes, CWE-79
Risk: 6.1

2019-09-16 CVE-2016-10957 Cross-site Scripting vulnerability in Akal Project Akal 20160822
The Akal theme through 2016-08-22 for WordPress has XSS via the framework/brad-shortcodes/tinymce/preview.php sc parameter.
Risk: 4.3

2019-09-15 CVE-2019-16334 Cross-site Scripting vulnerability in Bludit 3.9.2
In Bludit v3.9.2, there is a persistent XSS vulnerability in the Categories -> Add New Category -> Name field.
Tags: network, bludit, CWE-79
Risk: 3.5

2019-09-15 CVE-2019-16333 Cross-site Scripting vulnerability in Get-Simple Getsimple CMS 3.3.15
GetSimple CMS v3.3.15 has Persistent Cross-Site Scripting (XSS) in admin/theme-edit.php.
Tags: network, get-simple, CWE-79
Risk: 3.5

2019-09-15 CVE-2019-16332 Cross-site Scripting vulnerability in API Bearer Auth Project API Bearer Auth
In the api-bearer-auth plugin before 20190907 for WordPress, the server parameter is not correctly filtered in the swagger-config.yaml.php file, and it is possible to inject JavaScript code, aka XSS.
Risk: 4.3

2019-09-15 CVE-2019-16321 Cross-site Scripting vulnerability in Scadabr 1.0Ce/1.1.0
ScadaBR 1.0CE, and 1.1.x through 1.1.0-RC, has XSS via a request for a nonexistent resource, as demonstrated by the dwr/test/ PATH_INFO.
Tags: network, scadabr, CWE-79
Risk: 4.3

2019-09-14 CVE-2019-16307 Cross-site Scripting vulnerability in Fujixerox Docushare 7.0.0.C1.609
A Reflected Cross-Site Scripting (XSS) vulnerability in the webEx module in webExMeetingLogin.jsp and deleteWebExMeetingCheck.jsp in Fuji Xerox DocuShare through 7.0.0.C1.609 allows remote attackers to inject arbitrary web script or HTML via the handle parameter (webExMeetingLogin.jsp) and meetingKey parameter (deleteWebExMeetingCheck.jsp).
Tags: network, fujixerox, CWE-79
Risk: 4.3