Total
36976 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-15829 | 1 Greentreelabs | 1 Gallery Photoblocks | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. | |||||
| CVE-2019-15827 | 1 Onesignal | 1 Onesignal-free-web-push-notifications | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. | |||||
| CVE-2019-15817 | 1 Realestateconnected | 1 Easy Property Listings | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The easy-property-listings plugin before 3.4 for WordPress has XSS. | |||||
| CVE-2019-15816 | 1 Wpexpertdeveloper | 1 Wp Private Content Plus | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. | |||||
| CVE-2019-15814 | 1 Sentrifugo | 1 Sentrifugo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML. | |||||
| CVE-2019-15811 | 1 Domainmod | 1 Domainmod | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In DomainMOD through 4.13, the parameter daterange in the file reporting/domains/cost-by-month.php has XSS. | |||||
| CVE-2019-15810 | 1 Netdisco | 1 Netdisco | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient sanitization during device search in Netdisco 2.042010 allows for reflected XSS via manipulation of a URL parameter. | |||||
| CVE-2019-15782 | 1 Webtorrent | 1 Webtorrent | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebTorrent before 0.107.6 allows XSS in the HTTP server via a title or file name. | |||||
| CVE-2019-15778 | 1 Getwooplugins | 1 Additional Variation Images For Woocommerce | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The woo-variation-gallery plugin before 1.1.29 for WordPress has XSS. | |||||
| CVE-2019-15777 | 1 Shapepress | 1 Wp Dsgvo Tools | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The shapepress-dsgvo plugin before 2.2.19 for WordPress has wp-admin/admin-ajax.php?action=admin-common-settings&admin_email= XSS. | |||||
| CVE-2019-15750 | 1 Sitos | 1 Sitos Six | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability in the blog function in SITOS six Build v6.2.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter. | |||||
| CVE-2019-15739 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 8.1 through 12.2.1. Certain areas displaying Markdown were not properly sanitizing some XSS payloads. | |||||
| CVE-2019-15724 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in GitLab Community and Enterprise Edition 11.10 through 12.2.1. Label descriptions are vulnerable to HTML injection. | |||||
| CVE-2019-15713 | 1 My Calendar Project | 1 My Calendar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The my-calendar plugin before 3.1.10 for WordPress has XSS. | |||||
| CVE-2019-15700 | 1 Frappe | 1 Frappe | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text. | |||||
| CVE-2019-15652 | 1 Nssglobal | 4 Satlink 2000, Satlink 2900, Satlink 2910 and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web interface for NSSLGlobal SatLink VSAT Modem Unit (VMU) devices before 18.1.0 doesn't properly sanitize input for error messages, leading to the ability to inject client-side code. | |||||
| CVE-2019-15644 | 1 Zoho | 1 Salesiq | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The zoho-salesiq plugin before 1.0.9 for WordPress has stored XSS. | |||||
| CVE-2019-15643 | 1 Etoilewebdesign | 1 Ultimate Faq | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ultimate-faqs plugin before 1.8.22 for WordPress has XSS. | |||||
| CVE-2019-15619 | 1 Nextcloud | 3 Deck, Nextcloud Server, Talk | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Improper neutralization of file names, conversation names and board names in Nextcloud Server 16.0.3, Nextcloud Talk 6.0.3 and Nextcloud Deck 0.6.5 causes an XSS when linking them with each others in a project. | |||||
| CVE-2019-15618 | 1 Nextcloud | 1 Nextcloud Server | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Missing escaping of HTML in the Updater of Nextcloud 15.0.5 allowed a reflected XSS when starting the updater from a malicious location. | |||||