Total
36567 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2015-9314 | 1 Newstatpress Project | 1 Newstatpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The newstatpress plugin before 1.0.4 for WordPress has XSS related to the Referer header. | |||||
| CVE-2015-9312 | 1 Newstatpress Project | 1 Newstatpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The newstatpress plugin before 1.0.5 for WordPress has XSS related to an IMG element. | |||||
| CVE-2015-9311 | 1 Newstatpress Project | 1 Newstatpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The newstatpress plugin before 1.0.6 for WordPress has reflected XSS. | |||||
| CVE-2015-9306 | 1 Smackcoders | 1 Import All Pages\, Post Types\, Products\, Orders\, And Users As Xml \& Csv | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The wp-ultimate-csv-importer plugin before 3.8.1 for WordPress has XSS. | |||||
| CVE-2015-9304 | 1 Ultimatemember | 1 Ultimate Member | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ultimate-member plugin before 1.3.18 for WordPress has XSS via text input. | |||||
| CVE-2015-9303 | 1 Simplesharebuttons | 1 Simple Share Buttons Adder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The simple-share-buttons-adder plugin before 6.0.0 for WordPress has XSS. | |||||
| CVE-2015-9302 | 1 Simple Fields Project | 1 Simple Fields | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The simple-fields plugin before 1.4.11 for WordPress has XSS. | |||||
| CVE-2015-9300 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5.7 for WordPress has multiple XSS issues. | |||||
| CVE-2015-9299 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.5.7.1 for WordPress has DOM XSS. | |||||
| CVE-2015-9297 | 1 Pixelite | 1 Events Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The events-manager plugin before 5.6 for WordPress has XSS. | |||||
| CVE-2015-9296 | 1 Never5 | 1 Download Monitor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The download-monitor plugin before 1.7.1 for WordPress has XSS related to add_query_arg. | |||||
| CVE-2015-9295 | 1 Bestwebsoft | 1 Contact Form | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The contact-form-plugin plugin before 3.96 for WordPress has XSS. | |||||
| CVE-2015-9294 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The all-in-one-wp-security-and-firewall plugin before 3.9.5 for WordPress has XSS in add_query_arg and remove_query_arg function instances. | |||||
| CVE-2015-9293 | 1 Tipsandtricks-hq | 1 All In One Wp Security \& Firewall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The all-in-one-wp-security-and-firewall plugin before 3.9.8 for WordPress has XSS in the unlock request feature. | |||||
| CVE-2015-9286 | 1 Nodebb | 1 Nodebb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Controllers.outgoing in controllers/index.js in NodeBB before 0.7.3 has outgoing XSS. | |||||
| CVE-2015-9285 | 1 Esotalk | 1 Esotalk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| esoTalk 1.0.0g4 has XSS via the PATH_INFO to the conversations/ URI. | |||||
| CVE-2015-9282 | 1 Grafana | 1 Piechart-panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Pie Chart Panel plugin through 2019-01-02 for Grafana is vulnerable to XSS via legend data or tooltip data. When a chart is included in a Grafana dashboard, this vulnerability could allow an attacker to gain remote unauthenticated access to the dashboard. | |||||
| CVE-2015-9281 | 6 Hpe, Ibm, Linux and 3 more | 6 Hp-ux Ipfilter, Aix, Linux Kernel and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Logon Manager in SAS Web Infrastructure Platform before 9.4M3 allows reflected XSS on the Timeout page. | |||||
| CVE-2015-9279 | 1 Mailenable | 1 Mailenable | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MailEnable before 8.60 allows Stored XSS via malformed use of "<img/src" with no ">" character in the body of an e-mail message. | |||||
| CVE-2015-9276 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SmarterTools SmarterMail before 13.3.5535 was vulnerable to stored XSS by bypassing the anti-XSS mechanisms. It was possible to run JavaScript code when a victim user opens or replies to the attacker's email, which contained a malicious payload. Therefore, users' passwords could be reset by using an XSS attack, as the password reset page did not need the current password. | |||||