NewStatPress <=1.0.4 - Cross-Site Scripting

WordPress NewStatPress plugin through 1.0.4 contains a cross-site scripting vulnerability. The plugin utilizes, on lines 28 and 31 of the file "includes/nspsearch.php", several variables from the $GET scope without sanitation. While WordPress automatically escapes quotes on this scope, the output...

Cisco Unified Communications Manager 7/8/9 - Directory Traversal

A directory traversal vulnerability in the Tomcat administrative web interface in Cisco Unified Communications Manager allows remote authenticated users to read arbitrary files via directory traversal sequences in an unspecified input string, aka Bug ID CSCui78815 id: CVE-2013-5528 info: name:...

WordPress Spreadsheet - Cross-Site Scripting

WordPress Spreadsheet plugin contains a reflected cross-site scripting vulnerability in /dhtmlxspreadsheet/codebase/spreadsheet.php. id: CVE-2013-6281 info: name: WordPress Spreadsheet - Cross-Site Scripting author: random-robbie severity: medium description: | WordPress Spreadsheet plugin contai...

WordPress Plugin Duplicator < 0.4.5 - Cross-Site Scripting

A cross-site scripting vulnerability in files/installer.cleanup.php in the Duplicator plugin before 0.4.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the package parameter. id: CVE-2013-4625 info: name: WordPress Plugin Duplicator 0.4.5 - Cross-Site Scripting...

Monstra CMS <=3.0.4 - Cross-Site Scripting

Monstra CMS 3.0.4 and earlier contains a cross-site scripting vulnerability via index.php. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch...

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 is vulnerable to cross-site scripting via the segments/add.php Segment Name field. id: CVE-2018-1000856 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 is vulnerable to cross-site scripting via the...

Palo Alto Networks PAN-OS GlobalProtect <8.1.4 - Cross-Site Scripting

Palo Alto Networks PAN-OS before 8.1.4 GlobalProtect Portal Login page allows an unauthenticated attacker to inject arbitrary JavaScript or HTML, making it vulnerable to cross-site scripting. id: CVE-2018-10141 info: name: Palo Alto Networks PAN-OS GlobalProtect 8.1.4 - Cross-Site Scripting autho...

AvantFAX 3.3.3 - Cross-Site Scripting

AvantFAX 3.3.3 contains a cross-site scripting vulnerability via an arbitrary parameter name submitted to the default URL, as demonstrated by a parameter whose name contains a SCRIPT element and whose value is 1. id: CVE-2017-18024 info: name: AvantFAX 3.3.3 - Cross-Site Scripting author: pikpikc...

DomainMOD 4.11.01 - Cross-Site Scripting

DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via assets/edit/ip-address.php. id: CVE-2018-19137 info: name: DomainMOD 4.11.01 - Cross-Site Scripting author: arafatansari severity: medium description: | DomainMOD 4.11.01 is vulnerable to reflected cross-site Scripting via...

Zend Server <9.13 - Cross-Site Scripting

Zend Server before version 9.13 is vulnerable to cross-site scripting via the debughost parameter. id: CVE-2018-10230 info: name: Zend Server 9.13 - Cross-Site Scripting author: marcosiaf severity: medium description: | Zend Server before version 9.13 is vulnerable to cross-site scripting via the...

Pinterest by BestWebSoft < 1.0.5 - Cross-Site Scripting

The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues. id: CVE-2017-18517 info: name: Pinterest by BestWebSoft 1.0.5 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The bws-pinterest plugin before 1.0.5 for WordPress has multiple XSS issues...

Subscriber by BestWebSoft < 1.3.5 - Cross-Site Scripting

The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues. id: CVE-2017-18502 info: name: Subscriber by BestWebSoft 1.3.5 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The subscriber plugin before 1.3.5 for WordPress has multiple XSS issues. impact: |...

Custom Search by BestWebSoft < 1.36 - Cross-Site Scripting

The custom-search-plugin plugin before 1.36 for WordPress has multiple XSS issues. id: CVE-2017-18494 info: name: Custom Search by BestWebSoft 1.36 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The custom-search-plugin plugin before 1.36 for WordPress has multiple X...

Social Buttons Pack by BestWebSof < 1.1.1 - Cross-Site Scripting

The social-buttons-pack plugin before 1.1.1 for WordPress has multiple XSS issues. id: CVE-2017-18500 info: name: Social Buttons Pack by BestWebSof 1.1.1 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The social-buttons-pack plugin before 1.1.1 for WordPress has...

Custom Admin Page by BestWebSoft < 0.1.2 - Cross-Site Scripting

The custom-admin-page plugin before 0.1.2 for WordPress has multiple XSS issues. id: CVE-2017-18493 info: name: Custom Admin Page by BestWebSoft 0.1.2 - Cross-Site Scripting author: luisfelipe146 severity: medium description: | The custom-admin-page plugin before 0.1.2 for WordPress has multiple...

Magento Server Mass Importer - Cross-Site Scripting

Magento Server Mass Importer plugin contains multiple cross-site scripting vulnerabilities which allow remote attackers to inject arbitrary web script or HTML via the 1 profile parameter to web/magmi.php or 2 QUERYSTRING to web/magmiimportrun.php. id: CVE-2015-2068 info: name: Magento Server Mass...

WordPress DZS-VideoGallery Plugin Cross-Site Scripting

Multiple cross-site scripting vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio DZS Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the 1 swfloc or 2 designrand parameter. id: CVE-2014-9094 info: name: WordPress...

Frontend Uploader <= 0.9.2 - Cross-Site Scripting

The Frontend Uploader WordPress plugin prior to v.0.9.2 was affected by an unauthenticated Cross-Site Scripting security vulnerability. id: CVE-2014-9444 info: name: Frontend Uploader = 0.9.2 - Cross-Site Scripting author: daffainfo severity: medium description: The Frontend Uploader WordPress...

Netsweeper 4.0.4 - Cross-Site Scripting

A cross-site scripting vulnerability in Netsweeper 4.0.4 allows remote attackers to inject arbitrary web script or HTML via the url parameter to webadmin/deny/index.php. id: CVE-2014-9615 info: name: Netsweeper 4.0.4 - Cross-Site Scripting author: daffainfo severity: medium description: A...

Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting

Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site scripting via the GET "ajax" parameter to snarfajax.php. id: CVE-2011-4336 info: name: Tiki Wiki CMS Groupware 7.0 Cross-Site Scripting author: pikpikcu severity: medium description: Tiki Wiki CMS Groupware 7.0 is vulnerable to cross-site...