Zarafa WebApp <=2.0.1.47791 - Cross-Site Scripting

Zarafa WebApp 2.0.1.47791 and earlier contains an unauthenticated reflected cross-site scripting vulnerability. An attacker can execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. id: CVE-2019-7219 info: name: Zarafa WebApp =2.0.1.47791 -...

qdPM 9.1 - Cross-site Scripting

qdPM 9.1 suffers from Cross-site Scripting XSS in the searchkeywords parameter. id: CVE-2019-8390 info: name: qdPM 9.1 - Cross-site Scripting author: theamanrawat severity: medium description: | qdPM 9.1 suffers from Cross-site Scripting XSS in the searchkeywords parameter. impact: | Successful...

LabKey Server Community Edition <18.3.0 - Cross-Site Scripting

LabKey Server Community Edition before 18.3.0-61806.763 contains a reflected cross-site scripting vulnerability via the onerror parameter in the /r2/query endpoints, which allows an unauthenticated remote attacker to inject arbitrary JavaScript. id: CVE-2019-3911 info: name: LabKey Server Communi...

WordPress Sell Media 2.4.1 - Cross-Site Scripting

WordPress Plugin Sell Media v2.4.1 contains a cross-site scripting vulnerability in /inc/class-search.php that allows remote attackers to inject arbitrary web script or HTML via the keyword parameter aka $searchterm or the Search field. id: CVE-2019-6112 info: name: WordPress Sell Media 2.4.1 -...

Nordex NC2 - Cross-Site Scripting

Nordex NC2 contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. id:...

SourceBans <2.0 - Cross-Site Scripting

SourceBans before 2.0 contains a cross-site scripting vulnerability which allows remote attackers to inject arbitrary web script or HTML via the advSearch parameter to index.php. id: CVE-2015-8349 info: name: SourceBans 2.0 - Cross-Site Scripting author: pikpikcu severity: medium description:...

WordPress AJAX Random Post <=2.00 - Cross-Site Scripting

WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting. id: CVE-2016-1000127 info: name: WordPress AJAX Random Post =2.00 - Cross-Site Scripting author: daffainfo severity: medium description: WordPress AJAX Random Post 2.00 is vulnerable to reflected cross-site scripting...

Jolokia 1.3.7 - Cross-Site Scripting

Jolokia 1.3.7 is vulnerable to cross-site scripting in the HTTP servlet and allows an attacker to execute malicious JavaScript in the victim's browser. id: CVE-2018-1000129 info: name: Jolokia 1.3.7 - Cross-Site Scripting author: mavericknerd,0h1in9e,daffainfo severity: medium description: |...

Magmi 0.7.22 - Cross-Site Scripting

Magmi 0.7.22 contains a cross-site scripting vulnerability due to insufficient filtration of user-supplied data prefix passed to the magmi-git-master/magmi/web/ajaxgettime.php URL. id: CVE-2017-7391 info: name: Magmi 0.7.22 - Cross-Site Scripting author: pikpikcu severity: medium description: Mag...

LiveZilla Server 8.0.1.0 - Cross-Site Scripting

LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting. id: CVE-2019-12962 info: name: LiveZilla Server 8.0.1.0 - Cross-Site Scripting author: Clment Cruchet severity: medium description: | LiveZilla Server 8.0.1.0 is vulnerable to reflected cross-site scripting. impact: |...

Pulse Secure Pulse Connect Secure - Cross-Site Scripting (Reflected)

Pulse Secure Pulse Connect Secure PCS 8.3.x before 8.3R7.1 and 9.0.x before 9.0R3 contain a reflected cross-site scripting caused by insufficient sanitization on the Application Launcher page, letting attackers execute scripts in the context of the affected page, exploit requires victim to visit ...

L-Soft LISTSERV <16.5-2018a - Cross-Site Scripting

L-Soft LISTSERV before 16.5-2018a contains a reflected cross-site scripting vulnerability via the /scripts/wa.exe OK parameter. id: CVE-2019-15501 info: name: L-Soft LISTSERV 16.5-2018a - Cross-Site Scripting author: LogicalHunter,arafatansari severity: medium description: | L-Soft LISTSERV befor...

WordPress My Calendar <= 3.1.9 - Cross-Site Scripting

WordPress plugin My Calendar = 3.1.10 or apply the vendor-provided patch to fix the XSS vulnerability. reference: - https://wpscan.com/vulnerability/9267 - https://wordpress.org/plugins/my-calendar/developers - https://nvd.nist.gov/vuln/detail/CVE-2019-15713 -...

osTicket < 1.12.1 - Cross-Site Scripting

An issue was discovered in osTicket before 1.10.7 and 1.12.x before 1.12.1. Stored XSS exists in setup/install.php. It was observed that no input sanitization was provided in the firstname and lastname fields of the application. The insertion of malicious queries in those fields leads to the...

Htaccess by BestWebSoft < 1.7.6 - Cross-Site Scripting

The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues. id: CVE-2017-18496 info: name: Htaccess by BestWebSoft 1.7.6 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The htaccess plugin before 1.7.6 for WordPress has multiple XSS issues. impact: |...

SMTP by BestWebSoft < 1.1.0 - Cross-Site Scripting

The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. id: CVE-2017-18518 info: name: SMTP by BestWebSoft 1.1.0 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-smtp plugin before 1.1.0 for WordPress has multiple XSS issues. impact: |...

WordPress < 4.9.1 - Authenticated JavaScript File Upload

WordPress before 4.9.1 contains a cross-site scripting caused by not requiring unfilteredhtml capability for uploading .js files in functions.php, letting remote attackers execute scripts via crafted files, exploit requires upload permissions. id: CVE-2017-17092 info: name: WordPress 4.9.1 -...

WordPress Tidio Gallery <=1.1 - Cross-Site Scripting

WordPress plugin tidio-gallery v1.1 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication...

WordPress Hero Maps Pro 2.1.0 - Cross-Site Scripting

WordPress Hero Maps Pro 2.1.0 contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials...

WordPress Simpel Reserveren <=3.5.2 - Cross-Site Scripting

WordPress plugin Simpel Reserveren 3.5.2 and before contains a reflected cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...