ReportizFlow
Filtered by vendor
Subscriptions
Total
40489 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-14807 | 1 Mediawiki | 1 Mobilefrontend | 2024-11-21 | 6.1 Medium |
| In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php. | ||||
| CVE-2019-14805 | 1 Una | 1 Una | 2024-11-21 | N/A |
| studio/builder_menu.php?page=sets in UNA 10.0.0-RC1 allows XSS via the System Name field under Sets during set editing. | ||||
| CVE-2019-14804 | 1 Una | 1 Una | 2024-11-21 | N/A |
| studio/polyglot.php?page=etemplates in UNA 10.0.0-RC1 allows XSS via the System Name field under Emails during template editing. | ||||
| CVE-2019-14799 | 1 Foliovision | 1 Fv Flowplayer Video Player | 2024-11-21 | 6.1 Medium |
| The FV Flowplayer Video Player plugin before 7.3.14.727 for WordPress allows email subscription XSS. | ||||
| CVE-2019-14797 | 1 10web | 1 Photo Gallery | 2024-11-21 | N/A |
| The 10Web Photo Gallery plugin before 1.5.23 for WordPress has authenticated stored XSS. | ||||
| CVE-2019-14796 | 1 Mq-woocommerce-products-price-bulk-edit Project | 1 Mq-woocommerce-products-price-bulk-edit | 2024-11-21 | 5.4 Medium |
| The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter. | ||||
| CVE-2019-14795 | 1 Toggle-the-title Project | 1 Toggle-the-title | 2024-11-21 | N/A |
| The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter. | ||||
| CVE-2019-14792 | 1 Codecabin | 1 Wp Go Maps | 2024-11-21 | N/A |
| The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter. | ||||
| CVE-2019-14791 | 1 Codepeople | 1 Appointment Booking Calendar | 2024-11-21 | N/A |
| The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. | ||||
| CVE-2019-14790 | 1 Limbcode | 1 Limb-gallery | 2024-11-21 | N/A |
| The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter, | ||||
| CVE-2019-14789 | 1 Kunalnagar | 1 Custom 404 Pro | 2024-11-21 | N/A |
| The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter. | ||||
| CVE-2019-14787 | 1 Tribulant | 1 Newsletters | 2024-11-21 | 5.4 Medium |
| The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. | ||||
| CVE-2019-14785 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2024-11-21 | N/A |
| The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. | ||||
| CVE-2019-14784 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2024-11-21 | N/A |
| The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. | ||||
| CVE-2019-14774 | 1 Getwooplugins | 1 Woo-variation-swatches | 2024-11-21 | 6.1 Medium |
| The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter. | ||||
| CVE-2019-14772 | 1 Verdaccio | 1 Verdaccio | 2024-11-21 | N/A |
| verdaccio before 3.12.0 allows XSS. | ||||
| CVE-2019-14770 | 1 Backdropcms | 1 Backdrop Core | 2024-11-21 | N/A |
| In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. (This issue is mitigated by the attacker needing permissions to create administrative menu links, such as by creating a content type or layout. Such permissions are usually restricted to trusted or administrative users.) | ||||
| CVE-2019-14769 | 1 Backdropcms | 1 Backdrop | 2024-11-21 | N/A |
| Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. (This issue is mitigated by the attacker needing permission to create custom blocks on the site, which is typically an administrative permission.) | ||||
| CVE-2019-14761 | 1 Kaiostech | 1 Kaios | 2024-11-21 | 4.4 Medium |
| An issue was discovered in KaiOS 2.5. The pre-installed Note application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Note application. At a bare minimum, this allows an attacker to take control over the Note application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | ||||
| CVE-2019-14760 | 1 Kaiostech | 1 Kaios | 2024-11-21 | 4.4 Medium |
| An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder application. At a bare minimum, this allows an attacker to take control over the Recorder application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | ||||