| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Multiple vulnerabilities in the authentication mechanisms of Cisco Data Center Network Manager (DCNM) could allow an unauthenticated, remote attacker to bypass authentication and execute arbitrary actions with administrative privileges on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. |
| A vulnerability in the web-based management interface of Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script or HTML code in the context of the interface, which could allow the attacker to gain access to sensitive, browser-based information. |
| The CRM Plugin before 4.2.4 for Redmine allows XSS via crafted vCard data. |
| Intesync Solismed 3.3sp has XSS. |
| Nagios Log Server before 2.0.8 allows Reflected XSS via the username on the Login page. |
| The JobCareer theme before 2.5.1 for WordPress has stored XSS. |
| The slick-popup plugin before 1.7.2 for WordPress has a hardcoded OmakPass13# password for the slickpopupteam account, after a Subscriber calls a certain AJAX action. |
| The breadcrumbs-by-menu plugin before 1.0.3 for WordPress has XSS. |
| JetBrains TeamCity 2019.1 and 2019.1.1 allows cross-site scripting (XSS), potentially making it possible to send an arbitrary HTTP request to a TeamCity server under the name of the currently logged-in user. |
| The easy-pdf-restaurant-menu-upload plugin before 1.1.2 for WordPress has XSS. |
| The custom-404-pro plugin before 3.2.8 for WordPress has reflected XSS, a different vulnerability than CVE-2019-14789. |
| The webp-express plugin before 0.14.8 for WordPress has stored XSS. |
| The wp-ultimate-recipe plugin before 3.12.7 for WordPress has stored XSS. |
| The simple-mail-address-encoder plugin before 1.7 for WordPress has reflected XSS. |
| The icegram plugin before 1.10.29 for WordPress has ig_cat_list XSS. |
| The photoblocks-grid-gallery plugin before 1.1.33 for WordPress has wp-admin/admin.php?page=photoblocks-edit&id= XSS. |
| The onesignal-free-web-push-notifications plugin before 1.17.8 for WordPress has XSS via the subdomain parameter. |
| The easy-property-listings plugin before 3.4 for WordPress has XSS. |
| The wp-private-content-plus plugin before 2.0 for WordPress has no protection against option changes via save_settings_page and other save_ functions. |
| Multiple stored XSS vulnerabilities in Sentrifugo 3.2 could allow authenticated users to inject arbitrary web script or HTML. |
