Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9358 | 1 Feedwordpress Project | 1 Feedwordpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The feedwordpress plugin before 2015.0514 for WordPress has XSS via add_query_arg() and remove_query_arg().
|
|||||
| CVE-2015-9357 | 1 Automattic | 1 Akismet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The akismet plugin before 3.1.5 for WordPress has XSS.
|
|||||
| CVE-2015-9356 | 1 Wp-vipergb Project | 1 Wp-vipergb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The wp-vipergb plugin before 1.3.16 for WordPress has XSS via add_query_arg() and remove_query_arg(), a different issue than CVE-2014-9460.
|
|||||
| CVE-2015-9355 | 1 Simbahosting | 1 Two-factor-authentication | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The two-factor-authentication plugin before 1.1.10 for WordPress has XSS in the admin area.
|
|||||
| CVE-2015-9350 | 1 Slickremix | 1 Feed Them Social | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The feed-them-social plugin before 1.7.0 for WordPress has reflected XSS in the Facebook Feeds load more button.
|
|||||
| CVE-2015-9349 | 1 Cksource | 1 Ckeditor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The ckeditor-for-wordpress plugin before 4.5.3.1 for WordPress has reflected XSS in the "built-in (old)" file browser.
|
|||||
| CVE-2015-9347 | 1 Plot | 1 Plotly | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The wp-plotly plugin before 1.0.3 for WordPress has XSS by authors.
|
|||||
| CVE-2015-9346 | 1 Codepeople | 1 Polls Cp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The cp-polls plugin before 1.0.5 for WordPress has XSS.
|
|||||
| CVE-2015-9342 | 1 Impress | 1 Wp Rollback | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The wp-rollback plugin before 1.2.3 for WordPress has XSS.
|
|||||
| CVE-2015-9336 | 1 Codection | 1 Clean Login | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The clean-login plugin before 1.5.1 for WordPress has reflected XSS.
|
|||||
| CVE-2015-9329 | 1 Soflyy | 1 Wp All Import | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The wp-all-import plugin before 3.2.5 for WordPress has reflected XSS.
|
|||||
| CVE-2015-9328 | 1 Cozmoslabs | 1 Profile Builder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The profile-builder plugin before 2.2.5 for WordPress has XSS.
|
|||||
| CVE-2015-9327 | 1 Flickr Justified Gallery Project | 1 Flickr Justified Gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The flickr-justified-gallery plugin before 3.4.0 for WordPress has XSS.
|
|||||
| CVE-2015-9321 | 1 Wpmadeeasy | 1 Shortcode Factory | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The shortcode-factory plugin before 1.1.1 for WordPress has XSS via add_query_arg.
|
|||||
| CVE-2015-9320 | 1 Optiontree Project | 1 Optiontree | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The option-tree plugin before 2.5.4 for WordPress has XSS related to add_query_arg.
|
|||||
| CVE-2015-9319 | 1 Greg\'s High Performance Seo Project | 1 Greg\'s High Performance Seo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The gregs-high-performance-seo plugin before 1.6.2 for WordPress has XSS in the context of an old browser.
|
|||||
| CVE-2015-9317 | 1 Getawesomesupport | 1 Awesome Support | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The awesome-support plugin before 3.1.7 for WordPress has XSS via custom information messages.
|
|||||
| CVE-2015-9314 | 1 Newstatpress Project | 1 Newstatpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header.
|
|||||
| CVE-2015-9312 | 1 Newstatpress Project | 1 Newstatpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element.
|
|||||
| CVE-2015-9311 | 1 Newstatpress Project | 1 Newstatpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The newstatpress plugin before 1.0.6 for WordPress has reflected XSS.
|
|||||
| CVE-2015-9306 | 1 Smackcoders | 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS.
|
|||||
| CVE-2015-9304 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input.
|
|||||
| CVE-2015-9303 | 1 Simplesharebuttons | 1 Simple Share Buttons Adder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS.
|
|||||
| CVE-2015-9302 | 1 Simple Fields Project | 1 Simple Fields | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The simple-fields plugin before 1.4.11 for WordPress has XSS.
|
|||||
| CVE-2015-9300 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues.
|
|||||
| CVE-2015-9299 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS.
|
|||||
| CVE-2015-9297 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The events-manager plugin before 5.6 for WordPress has XSS.
|
|||||
| CVE-2015-9296 | 1 Never5 | 1 Download Monitor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg.
|
|||||
| CVE-2015-9295 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The contact-form-plugin plugin before 3.96 for WordPress has XSS.
|
|||||
| CVE-2015-9294 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances.
|
|||||
| CVE-2015-9293 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature.
|
|||||
| CVE-2015-9286 | 1 Nodebb | 1 Nodebb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS.
|
|||||
| CVE-2015-9285 | 1 Esotalk | 1 Esotalk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI.
|
|||||
| CVE-2015-9282 | 1 Grafana | 1 Piechart-panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. When a chart is included in a Grafana dashboard, this vulnerability could allow an attacker to gain remote unauthenticated access to the dashboard.
|
|||||
| CVE-2015-9281 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page.
|
|||||
| CVE-2015-9279 | 1 Mailenable | 1 Mailenable | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message.
|
|||||
| CVE-2015-9276 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password.
|
|||||
| CVE-2015-9273 | 1 Wp-slimstat | 1 Slimstat Analytics | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking.
|
|||||
| CVE-2015-9270 | 1 Theholidaycalendar | 1 Holiday Calendar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter.
|
|||||
| CVE-2015-9260 | 1 Bedita | 1 Bedita | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI.
|
|||||