Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2019-08-09 | CVE-2018-20858 | Cross-site Scripting vulnerability in EDX Recommender | Recommender before 2018-07-18 allows XSS. | network | low complexity | edx | CWE-79 | 6.1 |
| 2019-08-09 | CVE-2019-14805 | Cross-site Scripting vulnerability in UNA 10.0.0 | studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing. | network | | una | CWE-79 | 3.5 |
| 2019-08-09 | CVE-2019-14804 | Cross-site Scripting vulnerability in UNA 10.0.0 | studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing. | network | | una | CWE-79 | 3.5 |
| 2019-08-09 | CVE-2019-14797 | Cross-site Scripting vulnerability in 10Web Photo Gallery | The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS. | network | | 10web | CWE-79 | 3.5 |
| 2019-08-09 | CVE-2019-14796 | Cross-site Scripting vulnerability in Mq-Woocommerce-Products-Price-Bulk-Edit Project Mq-Woocommerce-Products-Price-Bulk-Edit 2.0 | The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter. | | | | | 5.4 |
| 2019-08-09 | CVE-2019-14791 | Cross-site Scripting vulnerability in Codepeople Appointment Booking Calendar 1.3.18 | The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. | network | | codepeople | CWE-79 | 4.3 |
| 2019-08-09 | CVE-2019-14799 | Cross-site Scripting vulnerability in Foliovision FV Flowplayer Video Player | The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. | network | low complexity | foliovision | CWE-79 | 6.1 |
| 2019-08-09 | CVE-2019-14792 | Cross-site Scripting vulnerability in Codecabin WP GO Maps | The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter. | network | low complexity | codecabin | CWE-79 | 5.4 |
| 2019-08-09 | CVE-2019-14787 | Cross-site Scripting vulnerability in Tribulant Newsletters | The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. | network | low complexity | tribulant | CWE-79 | 5.4 |
| 2019-08-09 | CVE-2019-14785 | Cross-site Scripting vulnerability in Codepeople CP Contact Form With Paypal | The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. | network | | codepeople | CWE-79 | 3.5 |