Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2016-10870 | 1 Gtranslate | 1 Google Language Translator | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The google-language-translator plugin before 5.0.06 for WordPress has XSS.
|
|||||
| CVE-2016-10869 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The contact-form-plugin plugin before 4.0.2 for WordPress has XSS.
|
|||||
| CVE-2016-10868 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The all-in-one-wp-security-and-firewall plugin before 4.0.5 for WordPress has XSS in the blacklist, file system, and file change detection settings pages.
|
|||||
| CVE-2016-10867 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The all-in-one-wp-security-and-firewall plugin before 4.0.6 for WordPress has XSS in settings pages.
|
|||||
| CVE-2016-10866 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The all-in-one-wp-security-and-firewall plugin before 4.2.0 for WordPress has multiple XSS issues.
|
|||||
| CVE-2016-10864 | 1 Netgear | 2 Ex7000, Ex7000 Firmware | 2024-11-21 | 2.9 LOW | 5.2 MEDIUM |
|
NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID.
|
|||||
| CVE-2016-10854 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 11.54.0.4 allows self XSS in the X3 Entropy Banner interface (SEC-87).
|
|||||
| CVE-2016-10853 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 11.54.0.4 allows stored XSS in the WHM Feature Manager interface (SEC-86).
|
|||||
| CVE-2016-10851 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 11.54.0.4 allows self XSS in the WHM PHP Configuration editor interface (SEC-84).
|
|||||
| CVE-2016-10827 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 55.9999.141 allows self stored XSS in WHM Edit System Mail Preferences (SEC-96).
|
|||||
| CVE-2016-10822 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 55.9999.141 allows self XSS in X3 Reseller Branding Images (SEC-88).
|
|||||
| CVE-2016-10813 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 57.9999.54 allows self XSS during ftp account creation under addon domains (SEC-118).
|
|||||
| CVE-2016-10806 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 57.9999.54 allows self XSS on the Paper Lantern Landing Page (SEC-110).
|
|||||
| CVE-2016-10795 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 59.9999.145 allows stored XSS in the WHM tail_upcp2.cgi interface (SEC-156).
|
|||||
| CVE-2016-10784 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 60.0.25 allows self XSS in the alias upload interface (SEC-184).
|
|||||
| CVE-2016-10783 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 60.0.25 allows self stored XSS in SSL_listkeys (SEC-182).
|
|||||
| CVE-2016-10782 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 60.0.25 allows self stored XSS in postgres API1 listdbs (SEC-181).
|
|||||
| CVE-2016-10781 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 60.0.25 allows self XSS in the UI_confirm API (SEC-180).
|
|||||
| CVE-2016-10780 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180).
|
|||||
| CVE-2016-10779 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 60.0.25 allows stored XSS in api1_listautoresponders (SEC-179).
|
|||||
| CVE-2016-10778 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 60.0.25 allows self stored XSS in the listftpstable API (SEC-178).
|
|||||
| CVE-2016-10777 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 60.0.25 allows self XSS in WHM Tweak Settings for autodiscover_host (SEC-177).
|
|||||
| CVE-2016-10776 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 60.0.25 allows stored XSS during the homedir removal phase of WHM Account termination (SEC-174).
|
|||||
| CVE-2016-10774 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).
|
|||||
| CVE-2016-10767 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
cPanel before 60.0.25 allows stored XSS in the WHM Repair Mailbox Permissions interface (SEC-159).
|
|||||
| CVE-2016-10763 | 1 Automattic | 1 Camptix Event Ticketing | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The CampTix Event Ticketing plugin before 1.5 for WordPress allows XSS in the admin section via a ticket title or body.
|
|||||
| CVE-2016-10744 | 1 Select2 | 1 Select2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Select2 through 4.0.5, as used in Snipe-IT and other products, rich selectlists allow XSS. This affects use cases with Ajax remote data loading when HTML templates are used to display listbox data.
|
|||||
| CVE-2016-10737 | 1 S9y | 1 Serendipity | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Serendipity 2.0.4 has XSS via the serendipity_admin.php serendipity[body] parameter.
|
|||||
| CVE-2016-10736 | 1 Devpups | 1 Social Pug | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The "Social Pug - Easy Social Share Buttons" plugin before 1.2.6 for WordPress allows XSS via the wp-admin/admin.php?page=dpsp-toolkit dpsp_message_class parameter.
|
|||||
| CVE-2016-10735 | 1 Getbootstrap | 1 Bootstrap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041.
|
|||||
| CVE-2016-10719 | 1 Tp-link | 2 Archer Cr700, Archer Cr700 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
TP-Link Archer CR-700 1.0.6 devices have an XSS vulnerability that can be introduced into the admin account through a DHCP request, allowing the attacker to steal the cookie information, which contains the base64 encoded username and password.
|
|||||
| CVE-2016-10716 | 1 Mail.ru | 1 Calendar | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The Mail.ru Calendar plugin before 2.5.0.61 for Atlassian Jira has XSS via the Name field in a Create Calender action, related to a MailRuCalendar.jspa#period/month URI.
|
|||||
| CVE-2016-10715 | 1 Artezio | 1 Kanban Board | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The Artezio Kanban Board plugin 1.4 revision 1914 for Atlassian Jira has XSS via the Board Name in a Create New Board action, related to an artezioboard/mainPage.jspa?kanbanId=7#/kanban-view URI.
|
|||||
| CVE-2016-10706 | 1 Automattic | 1 Jetpack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.
|
|||||
| CVE-2016-10705 | 1 Automattic | 1 Jetpack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Jetpack plugin before 4.0.4 for WordPress has XSS via the Likes module.
|
|||||
| CVE-2016-10549 | 1 Sailsjs | 1 Sails | 2024-11-21 | 2.1 LOW | 4.4 MEDIUM |
|
Sails is an MVC style framework for building realtime web applications. Version 0.12.7 and lower have an issue with the CORS configuration where the value of the origin header is reflected as the value for the Access-Control-Allow-Origin header. This would allow an attacker to make AJAX requests to vulnerable hosts through cross site scripting or a malicious HTML Document, effectively bypassing the Same Origin Policy. Note that this is only an issue when `allRoutes` is set to `true` and `origin` ...
Show More |
|||||
| CVE-2016-10548 | 1 Reduce-css-calc Project | 1 Reduce-css-calc | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Arbitrary code execution is possible in reduce-css-calc node module <=1.2.4 through crafted css. This makes cross sites scripting (XSS) possible on the client and arbitrary code injection possible on the server and user input is passed to the `calc` function.
|
|||||
| CVE-2016-10547 | 1 Mozilla | 1 Nunjucks | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Nunjucks is a full featured templating engine for JavaScript. Versions 2.4.2 and lower have a cross site scripting (XSS) vulnerability in autoescape mode. In autoescape mode, all template vars should automatically be escaped. By using an array for the keys, such as `name[]=<script>alert(1)</script>`, it is possible to bypass autoescaping and inject content into the DOM.
|
|||||
| CVE-2016-10537 | 1 Backbone Project | 1 Backbone | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
backbone is a module that adds in structure to a JavaScript heavy application through key-value pairs and custom events connecting to your RESTful API through JSON There exists a potential Cross Site Scripting vulnerability in the `Model#Escape` function of backbone 0.3.3 and earlier, if a user is able to supply input. This is due to the regex that's replacing things to miss the conversion of things such as `<` to `<`.
|
|||||
| CVE-2016-10531 | 1 Marked Project | 1 Marked | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
marked is an application that is meant to parse and compile markdown. Due to the way that marked 0.3.5 and earlier parses input, specifically HTML entities, it's possible to bypass marked's content injection protection (`sanitize: true`) to inject a `javascript:` URL. This flaw exists because `&#xNNanything;` gets parsed to what it could and leaves the rest behind, resulting in just `anything;` being left.
|
|||||