Vulnerability in WordPress plugin gift-certificate-creator v1.0: the code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability.
Max CVSS
6.1
EPSS Score
0.07%
Published
2017-09-14
Updated
2017-09-21
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: there is a stored XSS vulnerability via $value->gallery_name and $value->gallery_description, where anyone with privileges to modify or add galleries/images can inject JavaScript into the database.
Max CVSS
5.4
EPSS Score
0.05%
Published
2017-09-14
Updated
2017-09-20
PluXml version 5.6 is vulnerable to a stored cross-site scripting vulnerability within the article creation page, which can result in escalation of privileges.
Max CVSS
5.4
EPSS Score
0.05%
Published
2017-11-01
Updated
2017-11-18
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML.
Max CVSS
5.4
EPSS Score
0.10%
Published
2017-11-17
Updated
2017-11-30
InvoicePlane version 1.4.10 is vulnerable to stored cross-site scripting, allowing an authenticated user to inject malicious client-side script which will be executed in the browser of users if they visit the manipulated site.
Max CVSS
5.4
EPSS Score
0.06%
Published
2017-11-17
Updated
2017-11-29
I, Librarian version <=4.6 & 4.7 is vulnerable to reflected cross-site scripting in temp.php, allowing an attacker to inject malicious client-side script which will be executed in the browser of users if they visit the manipulated site.
Max CVSS
6.1
EPSS Score
0.09%
Published
2017-11-17
Updated
2017-11-29
Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can.
Max CVSS
5.4
EPSS Score
0.06%
Published
2017-11-17
Updated
2019-08-24
Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow an unauthenticated attacker to do almost anything an admin can.
Max CVSS
6.1
EPSS Score
0.16%
Published
2017-11-17
Updated
2017-12-01
A stored web content injection vulnerability (WCI, a.k.a XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS.
Max CVSS
5.4
EPSS Score
0.05%
Published
2017-11-17
Updated
2017-12-01
WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search.
Max CVSS
4.8
EPSS Score
0.05%
Published
2017-11-17
Updated
2017-11-29
October CMS build 412 is vulnerable to stored WCI (a.k.a. XSS) in the brand logo image name, resulting in JavaScript code execution in the victim's browser.
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-11-17
Updated
2020-08-03
Node.js ejs versions older than 2.5.5 are vulnerable to cross-site scripting in ejs.renderFile(), resulting in code injection.
Max CVSS
6.1
EPSS Score
0.06%
Published
2017-11-17
Updated
2017-11-30
Tine 2.0 version 2017.02.4 is vulnerable to XSS in the Addressbook, resulting in code execution and privilege escalation.
Max CVSS
5.4
EPSS Score
0.06%
Published
2017-11-17
Updated
2017-11-29
EllisLab ExpressionEngine 3.4.2 is vulnerable to cross-site scripting, resulting in PHP code injection.
Max CVSS
5.4
EPSS Score
0.05%
Published
2017-11-17
Updated
2020-07-06
Mahara 1.10 before 1.10.9 and 15.04 before 15.04.6 and 15.10 before 15.10.2 are vulnerable to XSS due to window.opener (target="_blank" and window.open()).
Max CVSS
5.4
EPSS Score
0.06%
Published
2017-11-03
Updated
2017-11-15
Mahara 1.9 before 1.9.7 and 1.10 before 1.10.5 and 15.04 before 15.04.2 are vulnerable to the arbitrary execution of JavaScript in the browser of a logged-in user because the title of the portfolio page was not being properly escaped in the AJAX script that updates the Add/remove watchlist link on artefact detail pages.
Max CVSS
5.4
EPSS Score
0.06%
Published
2017-11-03
Updated
2017-11-15
Mahara 1.9 before 1.9.6 and 1.10 before 1.10.4 and 15.04 before 15.04.1 are vulnerable to a site admin or institution admin being able to place HTML and JavaScript into an institution display name, which will be displayed to other users unescaped on some Mahara system pages.
Max CVSS
4.8
EPSS Score
0.06%
Published
2017-11-03
Updated
2017-11-15
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .xml file that can have its code executed when a user tries to download the file.
Max CVSS
5.4
EPSS Score
0.06%
Published
2017-11-03
Updated
2017-11-15
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross-site scripting when dragging/dropping files into a collection if the file has JavaScript code in its title.
Max CVSS
5.4
EPSS Score
0.06%
Published
2017-11-03
Updated
2017-11-15
Mahara 1.10 before 1.10.0 and 15.04 before 15.04.0 are vulnerable to possible cross-site scripting when adding a text block to a page via the keyboard (rather than drag and drop).
Max CVSS
5.4
EPSS Score
0.06%
Published
2017-11-03
Updated
2017-11-15
Mahara 1.8 before 1.8.7 and 1.9 before 1.9.5 and 1.10 before 1.10.3 and 15.04 before 15.04.0 are vulnerable to a maliciously created .swf file that can have its code executed when a user tries to download the file.
Max CVSS
4.8
EPSS Score
0.06%
Published
2017-11-03
Updated
2017-11-15
The Datadog Plugin stores an API key to access the Datadog service in the global Jenkins configuration. While the API key is stored encrypted on disk, it was transmitted in plain text as part of the configuration form. This could result in exposure of the API key, for example through browser extensions or cross-site scripting vulnerabilities. The Datadog Plugin now encrypts the API key transmitted to administrators viewing the global configuration form.
Max CVSS
4.3
EPSS Score
0.08%
Published
2017-10-05
Updated
2017-10-17
The custom Details view of the Static Analysis Utilities based OWASP Dependency-Check Plugin was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.
Max CVSS
6.1
EPSS Score
0.08%
Published
2017-10-05
Updated
2017-10-19
The custom Details view of the Static Analysis Utilities based DRY Plugin was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.
Max CVSS
5.4
EPSS Score
0.05%
Published
2017-10-05
Updated
2017-11-01
The Details view of some Static Analysis Utilities based plugins was vulnerable to a persisted cross-site scripting vulnerability: malicious users able to influence the input to these plugins, for example the console output which is parsed to extract build warnings (Warnings Plugin), could insert arbitrary HTML into this view.
Max CVSS
5.4
EPSS Score
0.05%
Published
2017-10-05
Updated
2017-11-01
1500 vulnerabilities found