| CVE | Vendors | Products | Updated | CVSS v3.1 |
| Cross-site scripting (XSS) vulnerability in the Webform Framework API in IBM Forms Server 4.0.x, 8.0.x, 8.1, and 8.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. IBM X-Force ID: 110006. |
| A reflected Cross-site Scripting (XSS) vulnerability exists in OcPortal 9.0.20 via the OCF_EMOTICON_CELL.tpl FIELD_NAME field to data/emoticons.php. |
| The Fast Secure Contact Form plugin before 4.0.38 for WordPress allows fs_contact_form1[welcome] XSS. |
| The NextGEN Gallery plugin before 2.1.10 for WordPress has multiple XSS issues involving thumbnail_width, thumbnail_height, thumbwidth, thumbheight, wmXpos, wmYpos, and template. |
| The weeklynews theme before 2.2.9 for WordPress has XSS via the s parameter. |
| The Modern theme before 1.4.2 for WordPress has XSS via the genericons/example.html anchor identifier. |
| The Auberge theme before 1.4.5 for WordPress has XSS via the genericons/example.html anchor identifier. |
| The Artificial Intelligence theme before 1.2.4 for WordPress has XSS because Genericons HTML files are unnecessarily placed under the web root. |
| The Exquisite Ultimate Newspaper theme 1.3.3 for WordPress has XSS via the anchor identifier to assets/js/jquery.foundation.plugins.js. |
| The syndication-links plugin before 1.0.3 for WordPress has XSS via the genericons/example.html anchor identifier. |
| The indieweb-post-kinds plugin before 1.3.1.1 for WordPress has XSS via the genericons/example.html anchor identifier. |
| The my-wish-list plugin before 1.4.2 for WordPress has multiple XSS issues. |
| prettyPhoto before 3.1.6 has js/jquery.prettyPhoto.js XSS. |
| The incoming-links plugin before 0.9.10b for WordPress has referrers.php XSS via the Referer HTTP header. |
| The content-grabber plugin 1.0 for WordPress has XSS via obj_field_name or obj_field_id. |
| The broken-link-manager plugin 0.4.5 for WordPress has XSS via the page parameter in a delURL action. |
| The searchterms-tagging-2 plugin through 1.535 for WordPress has XSS via the wp-admin/options-general.php count parameter. |
| The broken-link-manager plugin before 0.6.0 for WordPress has XSS via the HTTP Referer or User-Agent header to a URL that does not exist. |
| The altos-connect plugin 1.3.0 for WordPress has XSS via the wp-content/plugins/altos-connect/jquery-validate/demo/demo/captcha/index.php/ PATH_SELF. |
| The addthis plugin before 5.0.13 for WordPress has CSRF with resultant XSS via the wp-admin/options-general.php?page=addthis_social_widget pubid parameter. |