Total
35377 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-14796 | 1 Mq-woocommerce-products-price-bulk-edit Project | 1 Mq-woocommerce-products-price-bulk-edit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The mq-woocommerce-products-price-bulk-edit (aka Woocommerce Products Price Bulk Edit) plugin 2.0 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=update_options show_products_page_limit parameter. | |||||
| CVE-2019-14795 | 1 Toggle-the-title Project | 1 Toggle-the-title | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The toggle-the-title (aka Toggle The Title) plugin 1.4 for WordPress has XSS via the wp-admin/admin-ajax.php?action=update_title_options isAutoSaveValveChecked or isDisableAllPagesValveChecked parameter. | |||||
| CVE-2019-14792 | 1 Codecabin | 1 Wp Go Maps | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The WP Google Maps plugin before 7.11.35 for WordPress allows XSS via the wp-admin/ rectangle_name or rectangle_opacity parameter. | |||||
| CVE-2019-14791 | 1 Codepeople | 1 Appointment Booking Calendar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Appointment Booking Calendar plugin 1.3.18 for WordPress allows XSS via the wp-admin/admin-post.php editionarea parameter. | |||||
| CVE-2019-14790 | 1 Limbcode | 1 Limb-gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The limb-gallery (aka Limb Gallery) plugin 1.4.0 for WordPress has XSS via the wp-admin/admin-ajax.php?action=grsGalleryAjax&grsAction=shortcode task parameter, | |||||
| CVE-2019-14789 | 1 Kunalnagar | 1 Custom 404 Pro | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Custom 404 Pro plugin 3.2.8 for WordPress has XSS via the wp-admin/admin.php?page=c4p-main page parameter. | |||||
| CVE-2019-14787 | 1 Tribulant | 1 Newsletters | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Tribulant Newsletters plugin before 4.6.19 for WordPress allows XSS via the wp-admin/admin-ajax.php?action=newsletters_load_new_editor contentarea parameter. | |||||
| CVE-2019-14785 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The "CP Contact Form with PayPal" plugin before 1.2.99 for WordPress has XSS in the publishing wizard via the wp-admin/admin.php?page=cp_contact_form_paypal.php&pwizard=1 cp_contactformpp_id parameter. | |||||
| CVE-2019-14784 | 1 Codepeople | 1 Cp Contact Form With Paypal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "CP Contact Form with PayPal" plugin before 1.2.98 for WordPress has XSS in CSS edition. | |||||
| CVE-2019-14774 | 1 Getwooplugins | 1 Woo-variation-swatches | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The woo-variation-swatches (aka Variation Swatches for WooCommerce) plugin 1.0.61 for WordPress allows XSS via the wp-admin/admin.php?page=woo-variation-swatches-settings tab parameter. | |||||
| CVE-2019-14772 | 1 Verdaccio | 1 Verdaccio | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| verdaccio before 3.12.0 allows XSS. | |||||
| CVE-2019-14770 | 1 Backdropcms | 1 Backdrop Core | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3, some menu links within the administration bar may be crafted to execute JavaScript when the administrator is logged in and uses the search functionality. (This issue is mitigated by the attacker needing permissions to create administrative menu links, such as by creating a content type or layout. Such permissions are usually restricted to trusted or administrative users.) | |||||
| CVE-2019-14769 | 1 Backdropcms | 1 Backdrop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Backdrop CMS 1.12.x before 1.12.8 and 1.13.x before 1.13.3 doesn't sufficiently filter output when displaying certain block labels created by administrators. An attacker could potentially craft a specialized label, then have an administrator execute scripting when administering a layout. (This issue is mitigated by the attacker needing permission to create custom blocks on the site, which is typically an administrative permission.) | |||||
| CVE-2019-14761 | 1 Kaiostech | 1 Kaios | 2024-11-21 | 1.9 LOW | 4.4 MEDIUM |
| An issue was discovered in KaiOS 2.5. The pre-installed Note application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Note application. At a bare minimum, this allows an attacker to take control over the Note application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | |||||
| CVE-2019-14760 | 1 Kaiostech | 1 Kaios | 2024-11-21 | 1.9 LOW | 4.4 MEDIUM |
| An issue was discovered in KaiOS 2.5. The pre-installed Recorder application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Recorder application. At a bare minimum, this allows an attacker to take control over the Recorder application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | |||||
| CVE-2019-14759 | 1 Kaiostech | 1 Kaios | 2024-11-21 | 1.9 LOW | 4.4 MEDIUM |
| An issue was discovered in KaiOS 1.0, 2.5, and 2.5.1. The pre-installed Radio application is vulnerable to HTML and JavaScript injection attacks. A local attacker can inject arbitrary HTML into the Radio application. At a bare minimum, this allows an attacker to take control over the Radio application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | |||||
| CVE-2019-14758 | 1 Kaiostech | 1 Kaios | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed File Manager application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a file via email to the victim that will inject HTML into the File Manager application (assuming the victim chooses to download the email attachment). At a bare minimum, this allows an attacker to take control over the File Manager application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | |||||
| CVE-2019-14757 | 1 Kaiostech | 1 Kaios | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in KaiOS 2.5 and 2.5.1. The pre-installed Contacts application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a vCard file to the victim that will inject HTML into the Contacts application (assuming the victim chooses to import the file). At a bare minimum, this allows an attacker to take control over the Contacts application's UI (e.g., display a malicious prompt to the user asking them to re-enter credentials such as their KaiOS credentials to continue using the application) and also allows an attacker to abuse any of the privileges available to the mobile application. | |||||
| CVE-2019-14756 | 1 Kaiostech | 1 Kaios | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in KaiOS 1.0, 2.5, and 2.5.12.5. The pre-installed Email application is vulnerable to HTML and JavaScript injection attacks. An attacker can send a specially crafted email to the victim that will inject HTML into the email application's UI as soon as the email is opened. At a bare minimum, this allows an attacker to take control over the Email application's UI (e.g., display a malicious prompt to the user asking them to re-enter their email credentials) and also allows an attacker to abuse any of the privileges available to the mobile application. | |||||
| CVE-2019-14752 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SuiteCRM 7.10.x and 7.11.x before 7.10.20 and 7.11.8 has XSS. | |||||