CVE-2017-1002017 CVSS:4.3
Vulnerability in WordPress plugin gift-certificate-creator v1.0: the code in gc-list.php doesn't sanitize user input to prevent a stored XSS vulnerability. (Last Update:2017-09-21) (Publish Update:2017-09-14)
CVE-2017-1002011 CVSS:3.5
Vulnerability in WordPress plugin image-gallery-with-slideshow v1.5.2: there is a stored XSS vulnerability via $value->gallery_name and $value->gallery_description, where anyone with privileges to modify or add galleries/images can inject JavaScript into the database. (Last Update:2017-09-20) (Publish Update:2017-09-14)
CVE-2017-1001001 CVSS:3.5
PluXml version 5.6 is vulnerable to a stored cross-site scripting vulnerability within the article creation page, which can result in escalation of privileges. (Last Update:2017-11-18) (Publish Update:2017-11-01)
CVE-2017-1000240 CVSS:0.0
The application OpenEMR is affected by multiple reflected & stored Cross-Site Scripting (XSS) vulnerabilities affecting version 5.0.0 and prior versions. These vulnerabilities could allow remote authenticated attackers to inject arbitrary web script or HTML. (Last Update:2017-11-16) (Publish Update:2017-11-16)
CVE-2017-1000239 CVSS:0.0
InvoicePlane version 1.4.10 is vulnerable to stored cross-site scripting, allowing an authenticated user to inject malicious client-side script which will be executed in the browser of users if they visit the manipulated site. (Last Update:2017-11-16) (Publish Update:2017-11-16)
CVE-2017-1000236 CVSS:0.0
I, Librarian version <=4.6 & 4.7 is vulnerable to reflected cross-site scripting in temp.php, allowing an attacker to inject malicious client-side script which will be executed in the browser of users if they visit the manipulated site. (Last Update:2017-11-16) (Publish Update:2017-11-16)
CVE-2017-1000227 CVSS:0.0
Stored XSS in Salutation Responsive WordPress + BuddyPress Theme version 3.0.15 could allow logged-in users to do almost anything an admin can (Last Update:2017-11-17) (Publish Update:2017-11-17)
CVE-2017-1000225 CVSS:0.0
Reflected XSS in Relevanssi Premium version 1.14.8 when using relevanssi_didyoumean() could allow an unauthenticated attacker to do almost anything an admin can (Last Update:2017-11-17) (Publish Update:2017-11-17)
CVE-2017-1000223 CVSS:0.0
A stored web content injection vulnerability (WCI, a.k.a. XSS) is present in MODX Revolution CMS version 2.5.6 and earlier. An authenticated user with permissions to edit users can save malicious JavaScript as a User Group name and potentially take control over victims' accounts. This can lead to an escalation of privileges providing complete administrative control over the CMS. (Last Update:2017-11-17) (Publish Update:2017-11-17)
CVE-2017-1000213 CVSS:0.0
WBCE v1.1.11 is vulnerable to reflected XSS via the "begriff" POST parameter in /admin/admintools/tool.php?tool=user_search (Last Update:2017-11-16) (Publish Update:2017-11-16)
This vulnerability list widget is provided by www.cvedetails.com