Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-09 | CVE-2018-20858 | Cross-site Scripting vulnerability in EDX Recommender Recommender before 2018-07-18 allows XSS. | 6.1 |
2019-08-09 | CVE-2019-14805 | Cross-site Scripting vulnerability in UNA 10.0.0 studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing. | 3.5 |
2019-08-09 | CVE-2019-14804 | Cross-site Scripting vulnerability in UNA 10.0.0 studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing. | 3.5 |
2019-08-09 | CVE-2019-14797 | Cross-site Scripting vulnerability in 10Web Photo Gallery The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS. | 3.5 |
2019-08-09 | CVE-2019-14796 | Cross-site Scripting vulnerability in Mq-Woocommerce-Products-Price-Bulk-Edit Project Mq-Woocommerce-Products-Price-Bulk-Edit 2.0 The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter. | 5.4 |
2019-08-09 | CVE-2019-14791 | Cross-site Scripting vulnerability in Codepeople Appointment Booking Calendar 1.3.18 The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. | 4.3 |
2019-08-09 | CVE-2019-14799 | Cross-site Scripting vulnerability in Foliovision FV Flowplayer Video Player The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. | 6.1 |
2019-08-09 | CVE-2019-14792 | Cross-site Scripting vulnerability in Codecabin WP GO Maps The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter. | 5.4 |
2019-08-09 | CVE-2019-14787 | Cross-site Scripting vulnerability in Tribulant Newsletters The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. | 5.4 |
2019-08-09 | CVE-2019-14785 | Cross-site Scripting vulnerability in Codepeople CP Contact Form With Paypal The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. | 3.5 |