Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2019-08-29 | CVE-2019-15778 | Cross-site Scripting vulnerability in Getwooplugins Additional Variation Images FOR Woocommerce The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. | 3.5 |
| 2019-08-29 | CVE-2019-15782 | Cross-site Scripting vulnerability in Webtorrent WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name. | 4.3 |
| 2019-08-29 | CVE-2019-15777 | Cross-site Scripting vulnerability in Shapepress WP Dsgvo Tools The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS. | 3.5 |
| 2019-08-29 | CVE-2019-13407 | Cross-site Scripting vulnerability in multiple products A XSS found in Advan VD-1 firmware versions up to 230. | 4.3 |
| 2019-08-28 | CVE-2019-5590 | Cross-site Scripting vulnerability in Fortinet Fortiweb The URL part of the report message is not encoded in Fortinet FortiWeb 6.0.2 and below which may allow an attacker to execute unauthorized code or commands (Cross Site Scripting) via attack reports generated in HTML form. | 4.3 |
| 2019-08-28 | CVE-2019-15230 | Cross-site Scripting vulnerability in Librenms 1.54 LibreNMS v1.54 has XSS in the Create User, Inventory, Add Device, Notifications, Alert Rule, Create Maintenance, and Alert Template sections of the admin console. | 3.5 |
| 2019-08-28 | CVE-2019-13189 | Cross-site Scripting vulnerability in ENG Knowage In Knowage through 6.1.1, there is XSS via the start_url or user_id field to the ChangePwdServlet page. | 4.3 |
| 2019-08-28 | CVE-2019-10383 | Cross-site Scripting vulnerability in multiple products A stored cross-site scripting vulnerability in Jenkins 2.191 and earlier, LTS 2.176.2 and earlier allowed attackers with Overall/Administer permission to configure the update site URL to inject arbitrary HTML and JavaScript in update center web pages. | 4.8 |
| 2019-08-28 | CVE-2015-9359 | Cross-site Scripting vulnerability in Automattic Jetpack The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 4.3 |
| 2019-08-28 | CVE-2015-9379 | Cross-site Scripting vulnerability in Ithemes Builder Style Manager iThemes Builder Style Manager before 0.7.7 for WordPress has XSS via add_query_arg() and remove_query_arg(). | 4.3 |