| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues. |
| The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS. |
| The events-manager plugin before 5.6 for WordPress has XSS. |
| The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg. |
| The contact-form-plugin plugin before 3.96 for WordPress has XSS. |
| The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. |
| The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. |
| Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS. |
| esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. |
| The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. When a chart is included in a Grafana dashboard, this vulnerability could allow an attacker to gain remote unauthenticated access to the dashboard. |
| Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. |
| MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message. |
| SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password. |
| The wp-slimstat (aka Slimstat Analytics) plugin before 4.1.6.1 for WordPress has XSS via an HTTP Referer header, or via a field associated with JavaScript-based Referer tracking. |
| XSS exists in the the-holiday-calendar plugin before 1.11.3 for WordPress via the thc-month parameter. |
| An issue was discovered in BEdita before 3.7.0. A cross-site scripting (XSS) attack occurs via a crafted pages/showObjects URI, as demonstrated by appending a payload to a pages/showObjects/2/0/0/leafs URI. |
| BMC Remedy Action Request (AR) System 9.0 before 9.0.00 Service Pack 2 hot fix 1 has persistent XSS. |
| Datto ALTO and SIRIS devices have a default VNC password. |
| jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed. |
| An issue was discovered in Skybox Platform before 7.5.201. Stored cross-site scripting vulnerabilities exist in the title, Comments, or Description field to /skyboxview/webskybox/tickets in Change Manager. |