Vulnerabilities > Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

DATE CVE VULNERABILITY TITLE RISK
2019-08-22 CVE-2015-9336 Cross-site Scripting vulnerability in Codection Clean Login
The clean-login plugin before 1.5.1 for WordPress has reflected XSS.
network
codection CWE-79
4.3
4.3
2019-08-22 CVE-2013-7481 Cross-site Scripting vulnerability in Bestwebsoft Contact Form
The contact-form-plugin plugin before 3.3.5 for WordPress has XSS. 		4.3
4.3
2019-08-22 CVE-2013-7480 Cross-site Scripting vulnerability in Pixelite Events Manager
The events-manager plugin before 5.3.6.1 for WordPress has XSS via the booking form and admin areas.
network
low complexity
pixelite CWE-79
6.1
6.1
2019-08-22 CVE-2013-7479 Cross-site Scripting vulnerability in Pixelite Events Manager
The events-manager plugin before 5.3.9 for WordPress has XSS in the search form field.
network
low complexity
pixelite CWE-79
6.1
6.1
2019-08-22 CVE-2013-7478 Cross-site Scripting vulnerability in Pixelite Events Manager
The events-manager plugin before 5.5 for WordPress has XSS via EM_Ticket::get_post.
network
low complexity
pixelite CWE-79
6.1
6.1
2019-08-22 CVE-2013-7477 Cross-site Scripting vulnerability in Pixelite Events Manager
The events-manager plugin before 5.5.2 for WordPress has XSS in the booking form.
network
low complexity
pixelite CWE-79
6.1
6.1
2019-08-22 CVE-2012-6716 Cross-site Scripting vulnerability in Pixelite Events Manager
The events-manager plugin before 5.1.7 for WordPress has XSS via JSON call links.
network
low complexity
pixelite CWE-79
6.1
6.1
2019-08-21 CVE-2019-13476 Cross-site Scripting vulnerability in Control-Webpanel Webpanel 0.9.8.837
In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.837, XSS in the domain parameter allows a low-privilege user to achieve root access via the email list page.
network
low complexity
control-webpanel CWE-79
5.4
5.4
2019-08-21 CVE-2019-15127 Cross-site Scripting vulnerability in Vanderbilt Redcap
REDCap before 9.3.0 allows XSS attacks against non-administrator accounts on the Data Import Tool page via a CSV data import file.
network
vanderbilt CWE-79
3.5
3.5
2019-08-21 CVE-2019-15074 Cross-site Scripting vulnerability in Mantisbt
The Timeline feature in my_view_page.php in MantisBT through 2.21.1 has a stored cross-site scripting (XSS) vulnerability, allowing execution of arbitrary code (if CSP settings permit it) after uploading an attachment with a crafted filename.
network
mantisbt CWE-79
6.8
6.8