Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2019-08-22 CVE-2014-10385 Cross-site Scripting vulnerability in Memphis Documents Library Project Memphis Documents Library
The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST.
4.3
2019-08-22 CVE-2013-7482 Cross-site Scripting vulnerability in Reflex Gallery Project Reflex Gallery
The reflex-gallery plugin before 1.4.3 for WordPress has XSS.
4.3
2019-08-22 CVE-2008-7321 Cross-site Scripting vulnerability in Tubepress
The tubepress plugin before 1.6.5 for WordPress has XSS.
network
tubepress CWE-79
4.3
2019-08-22 CVE-2019-15317 Cross-site Scripting vulnerability in Givewp
The give plugin before 2.4.7 for WordPress has XSS via a donor name.
network
low complexity
givewp CWE-79
5.4
2019-08-22 CVE-2019-15314 Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 18.4
tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI.
network
tiki CWE-79
3.5
2019-08-22 CVE-2018-20982 Cross-site Scripting vulnerability in Davidlingren Media Library Assistant
The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens.
network
low complexity
davidlingren CWE-79
6.1
2019-08-22 CVE-2017-18575 Cross-site Scripting vulnerability in Newstatpress Project Newstatpress
The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues.
4.3
2019-08-22 CVE-2017-18572 Cross-site Scripting vulnerability in SIR Gnucommerce
The gnucommerce plugin before 1.4.2 for WordPress has XSS.
network
sir CWE-79
4.3
2019-08-22 CVE-2016-10920 Cross-site Scripting vulnerability in SIR Gnucommerce
The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS.
network
sir CWE-79
4.3
2019-08-22 CVE-2016-10919 Cross-site Scripting vulnerability in Wassup Real Time Analytics Project Wassup Real Time Analytics
The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633.
4.3