Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-08-22 | CVE-2014-10385 | Cross-site Scripting vulnerability in Memphis Documents Library Project Memphis Documents Library The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST. | 4.3 |
2019-08-22 | CVE-2013-7482 | Cross-site Scripting vulnerability in Reflex Gallery Project Reflex Gallery The reflex-gallery plugin before 1.4.3 for WordPress has XSS. | 4.3 |
2019-08-22 | CVE-2008-7321 | Cross-site Scripting vulnerability in Tubepress The tubepress plugin before 1.6.5 for WordPress has XSS. | 4.3 |
2019-08-22 | CVE-2019-15317 | Cross-site Scripting vulnerability in Givewp The give plugin before 2.4.7 for WordPress has XSS via a donor name. | 5.4 |
2019-08-22 | CVE-2019-15314 | Cross-site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 18.4 tiki/tiki-upload_file.php in Tiki 18.4 allows remote attackers to upload JavaScript code that is executed upon visiting a tiki/tiki-download_file.php?display&fileId= URI. | 3.5 |
2019-08-22 | CVE-2018-20982 | Cross-site Scripting vulnerability in Davidlingren Media Library Assistant The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. | 6.1 |
2019-08-22 | CVE-2017-18575 | Cross-site Scripting vulnerability in Newstatpress Project Newstatpress The newstatpress plugin before 1.2.5 for WordPress has multiple stored XSS issues. | 4.3 |
2019-08-22 | CVE-2017-18572 | Cross-site Scripting vulnerability in SIR Gnucommerce The gnucommerce plugin before 1.4.2 for WordPress has XSS. | 4.3 |
2019-08-22 | CVE-2016-10920 | Cross-site Scripting vulnerability in SIR Gnucommerce The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS. | 4.3 |
2019-08-22 | CVE-2016-10919 | Cross-site Scripting vulnerability in Wassup Real Time Analytics Project Wassup Real Time Analytics The wassup plugin before 1.9.1 for WordPress has XSS via the Top stats widget or the wassupURI::add_siteurl method, a different vulnerability than CVE-2012-2633. | 4.3 |