Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2019-20211

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-13 Jan, 2020 | 17:39
Updated At-05 Aug, 2024 | 02:39
Rejected At-
Credits

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:13 Jan, 2020 | 17:39
Updated At:05 Aug, 2024 | 02:39
Rejected At:
▼CVE Numbering Authority (CNA)

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727
x_refsource_MISC
https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571
x_refsource_MISC
https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/10013
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/10014
x_refsource_MISC
https://wpvulndb.com/vulnerabilities/10018
x_refsource_MISC
https://cxsecurity.com/issue/WLB-2019120111
x_refsource_MISC
https://cxsecurity.com/issue/WLB-2019120112
x_refsource_MISC
https://cxsecurity.com/issue/WLB-2019120110
x_refsource_MISC
Hyperlink: https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727
Resource:
x_refsource_MISC
Hyperlink: https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571
Resource:
x_refsource_MISC
Hyperlink: https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622
Resource:
x_refsource_MISC
Hyperlink: https://wpvulndb.com/vulnerabilities/10013
Resource:
x_refsource_MISC
Hyperlink: https://wpvulndb.com/vulnerabilities/10014
Resource:
x_refsource_MISC
Hyperlink: https://wpvulndb.com/vulnerabilities/10018
Resource:
x_refsource_MISC
Hyperlink: https://cxsecurity.com/issue/WLB-2019120111
Resource:
x_refsource_MISC
Hyperlink: https://cxsecurity.com/issue/WLB-2019120112
Resource:
x_refsource_MISC
Hyperlink: https://cxsecurity.com/issue/WLB-2019120110
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727
x_refsource_MISC
x_transferred
https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571
x_refsource_MISC
x_transferred
https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622
x_refsource_MISC
x_transferred
https://wpvulndb.com/vulnerabilities/10013
x_refsource_MISC
x_transferred
https://wpvulndb.com/vulnerabilities/10014
x_refsource_MISC
x_transferred
https://wpvulndb.com/vulnerabilities/10018
x_refsource_MISC
x_transferred
https://cxsecurity.com/issue/WLB-2019120111
x_refsource_MISC
x_transferred
https://cxsecurity.com/issue/WLB-2019120112
x_refsource_MISC
x_transferred
https://cxsecurity.com/issue/WLB-2019120110
x_refsource_MISC
x_transferred
Hyperlink: https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://wpvulndb.com/vulnerabilities/10013
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://wpvulndb.com/vulnerabilities/10014
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://wpvulndb.com/vulnerabilities/10018
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://cxsecurity.com/issue/WLB-2019120111
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://cxsecurity.com/issue/WLB-2019120112
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://cxsecurity.com/issue/WLB-2019120110
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:13 Jan, 2020 | 18:15
Updated At:14 Jan, 2020 | 15:35

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via Listing Address, Listing Latitude, Listing Longitude, Email Address, Description, Name, Job or Position, Description, Service Name, Address, Latitude, Longitude, Phone Number, or Website.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.1MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Primary2.04.3MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 6.1
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 4.3
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N
CPE Matches

cththemes
cththemes
>>citybook>>Versions before 2.3.4(exclusive)
cpe:2.3:a:cththemes:citybook:*:*:*:*:*:wordpress:*:*
cththemes
cththemes
>>easybook>>Versions before 1.2.2(exclusive)
cpe:2.3:a:cththemes:easybook:*:*:*:*:*:wordpress:*:*
cththemes
cththemes
>>townhub>>Versions before 1.0.6(exclusive)
cpe:2.3:a:cththemes:townhub:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://cxsecurity.com/issue/WLB-2019120110cve@mitre.org
Exploit
Third Party Advisory
https://cxsecurity.com/issue/WLB-2019120111cve@mitre.org
Exploit
Third Party Advisory
https://cxsecurity.com/issue/WLB-2019120112cve@mitre.org
Exploit
Third Party Advisory
https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727cve@mitre.org
Third Party Advisory
https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622cve@mitre.org
Third Party Advisory
https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571cve@mitre.org
Third Party Advisory
https://wpvulndb.com/vulnerabilities/10013cve@mitre.org
Third Party Advisory
https://wpvulndb.com/vulnerabilities/10014cve@mitre.org
Third Party Advisory
https://wpvulndb.com/vulnerabilities/10018cve@mitre.org
Third Party Advisory
Hyperlink: https://cxsecurity.com/issue/WLB-2019120110
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://cxsecurity.com/issue/WLB-2019120111
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://cxsecurity.com/issue/WLB-2019120112
Source: cve@mitre.org
Resource:
Exploit
Third Party Advisory
Hyperlink: https://themeforest.net/item/citybook-directory-listing-wordpress-theme/21694727
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://themeforest.net/item/easybook-directory-listing-wordpress-theme/23206622
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://themeforest.net/item/townhub-directory-listing-wordpress-theme/25019571
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://wpvulndb.com/vulnerabilities/10013
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://wpvulndb.com/vulnerabilities/10014
Source: cve@mitre.org
Resource:
Third Party Advisory
Hyperlink: https://wpvulndb.com/vulnerabilities/10018
Source: cve@mitre.org
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

19032Records found

CVE-2019-20212
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-2.58% / 83.33%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 17:44
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Persistent XSS via the chat widget/page message form.

Action-Not Available
Vendor-cththemesn/a
Product-easybooktownhubcitybookn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20210
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-3.24% / 86.78%
||
7 Day CHG+0.11%
Published-13 Jan, 2020 | 17:16
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow Reflected XSS via a search query.

Action-Not Available
Vendor-cththemesn/a
Product-easybooktownhubcitybookn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-36502
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.40% / 32.17%
||
7 Day CHG+0.05%
Published-25 Jul, 2023 | 13:26
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Balkon Theme <= 1.3.2 is vulnerable to Cross Site Scripting (XSS)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in cththemes Balkon plugin <= 1.3.2 versions.

Action-Not Available
Vendor-cththemescththemes
Product-balkonBalkon
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-25041
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.41% / 32.73%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 11:17
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Monolit Theme <= 2.0.6 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Monolit theme <= 2.0.6 versions.

Action-Not Available
Vendor-cththemesCththemes
Product-monolitMonolit
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-29236
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.38% / 30.18%
||
7 Day CHG~0.00%
Published-07 Apr, 2023 | 11:22
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Outdoor Theme <= 3.9.6 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Cththemes Outdoor theme <= 3.9.6 versions.

Action-Not Available
Vendor-cththemesCththemes
Product-outdoorOutdoor
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-29430
Matching Score-10
Assigner-Patchstack
ShareView Details
Matching Score-10
Assigner-Patchstack
CVSS Score-7.1||HIGH
EPSS-0.38% / 30.18%
||
7 Day CHG~0.00%
Published-26 Jun, 2023 | 09:26
Updated-28 Apr, 2026 | 16:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress TheRoof Theme <= 1.0.3 is vulnerable to Cross Site Scripting (XSS)

Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in CTHthemes TheRoof theme <= 1.0.3 versions.

Action-Not Available
Vendor-cththemesCTHthemes
Product-theroofTheRoof
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20209
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-3.17% / 86.45%
||
7 Day CHG~0.00%
Published-13 Jan, 2020 | 17:05
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The CTHthemes CityBook before 2.3.4, TownHub before 1.0.6, and EasyBook before 1.2.2 themes for WordPress allow nsecure Direct Object Reference (IDOR) via wp-admin/admin-ajax.php to delete any page/post/listing.

Action-Not Available
Vendor-cththemesn/a
Product-easybooktownhubcitybookn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1293
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.12% / 62.23%
||
7 Day CHG~0.00%
Published-16 Jan, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the Management Center in Cisco FireSIGHT System Software 6.0.0 and 6.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCux40414.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-firesight_system_softwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10875
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.92% / 56.02%
||
7 Day CHG~0.00%
Published-12 Aug, 2019 | 14:54
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wp-database-backup plugin before 4.3.1 for WordPress has XSS.

Action-Not Available
Vendor-wpseedsn/a
Product-wp_database_backupn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-4476
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.1||MEDIUM
EPSS-0.42% / 33.81%
||
7 Day CHG~0.00%
Published-25 Sep, 2023 | 15:56
Updated-23 Apr, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Locatoraid Store Locator < 3.9.24 - Reflected XSS

The Locatoraid Store Locator WordPress plugin before 3.9.24 does not sanitise and escape the lpr-search parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

Action-Not Available
Vendor-plainwareUnknown
Product-locatoraidLocatoraid Store Locator
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20528
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.91% / 55.46%
||
7 Day CHG~0.00%
Published-18 Mar, 2020 | 18:36
Updated-05 Aug, 2024 | 02:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Ignite Realtime Openfire 4.4.1 allows XSS via the setup/setup-datasource-standard.jsp username parameter.

Action-Not Available
Vendor-igniterealtimen/a
Product-openfiren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10510
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.66% / 73.76%
||
7 Day CHG~0.00%
Published-31 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Security component of Kohana before 3.3.6 allows remote attackers to inject arbitrary web script or HTML by bypassing the strip_image_tags protection mechanism in system/classes/Kohana/Security.php.

Action-Not Available
Vendor-kohanaframeworkn/aDebian GNU/Linux
Product-debian_linuxkohanan/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20152
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.67% / 47.38%
||
7 Day CHG~0.00%
Published-20 Aug, 2020 | 12:37
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An XSS issue was discovered in TreasuryXpress 19191105. Due to the lack of filtering and sanitization of user input, malicious JavaScript can be executed throughout the application. A malicious payload can be injected within the Custom Workflow component and inserted via the Create New Workflow field. As a result, the payload is executed via the navigation bar throughout the application.

Action-Not Available
Vendor-treasuryxpressn/a
Product-treasuryxpressn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10515
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.68% / 47.78%
||
7 Day CHG~0.00%
Published-18 Oct, 2017 | 02:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Redmine before 3.2.3, there are stored XSS vulnerabilities affecting Textile and Markdown text formatting, and project homepages.

Action-Not Available
Vendor-redminen/a
Product-redminen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10975
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.96% / 57.08%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 14:03
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fluid-responsive-slideshow plugin before 2.2.7 for WordPress has reflected XSS via the skin parameter.

Action-Not Available
Vendor-tonjoostudion/a
Product-fluid-responsive-slideshown/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10998
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.94% / 56.66%
||
7 Day CHG~0.00%
Published-20 Sep, 2019 | 14:29
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS.

Action-Not Available
Vendor-ocimscriptsn/a
Product-ocim-mp3n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-4493
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-6.1||MEDIUM
EPSS-0.40% / 32.23%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 12:24
Updated-05 Sep, 2024 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Easy Address Book Web Server Stored XSS vulnerability

Stored Cross-Site Scripting in Easy Address Book Web Server 1.6 version, through the users_admin.ghp file that affects multiple parameters such as (firstname, homephone, lastname, lastname, middlename, workaddress, workcity, workcountry, workphone, workstate, workzip). This vulnerability allows a remote attacker to store a malicious JavaScript payload in the application to be executed when the page is loaded, resulting in an integrity impact.

Action-Not Available
Vendor-easy_address_book_web_server_projectEFS Software
Product-easy_address_book_web_serverEasy Address Book Web Server
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10941
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.23% / 65.15%
||
7 Day CHG~0.00%
Published-13 Sep, 2019 | 11:52
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The podlove-podcasting-plugin-for-wordpress plugin before 2.3.16 for WordPress has XSS exploitable via CSRF.

Action-Not Available
Vendor-podloven/a
Product-podlove_podcast_publishern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-1417
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.92% / 77.40%
||
7 Day CHG~0.00%
Published-28 Mar, 2006 | 20:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Caloris Planitia Online Quiz System (aka Web Quiz pro), possibly 1.0, allow remote attackers to inject arbitrary web script or HTML via the (1) exam parameter in prequiz.asp or (2) msg parameter in student.asp.

Action-Not Available
Vendor-caloris_planitia_technologiesn/a
Product-web_quiz_pron/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1318
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.01% / 58.82%
||
7 Day CHG~0.00%
Published-09 Feb, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Cisco Application Policy Infrastructure Controller Enterprise Module (APIC-EM) 1.1 allows remote attackers to inject arbitrary web script or HTML via crafted markup data, aka Bug ID CSCux15489.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-application_policy_infrastructure_controller_enterprise_modulen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10920
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.92% / 56.01%
||
7 Day CHG~0.00%
Published-22 Aug, 2019 | 12:32
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The gnucommerce plugin before 0.5.7-BETA for WordPress has XSS.

Action-Not Available
Vendor-sirn/a
Product-gnucommercen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-44753
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 16.36%
||
7 Day CHG~0.00%
Published-22 Apr, 2025 | 00:00
Updated-24 Apr, 2025 | 14:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A stored cross-site scripting (XSS) vulnerability fin Student Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the email parameter on the profile.php page.

Action-Not Available
Vendor-n/amayuri_k
Product-online_student_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10699
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.38% / 68.73%
||
7 Day CHG~0.00%
Published-31 Oct, 2017 | 07:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DSL-2740E 1.00_BG_20150720 devices are prone to persistent XSS attacks in the username and password fields: a remote unauthenticated user may craft logins and passwords with script tags in them. Because there is no sanitization in the input fields, an unaware logged-in administrator may be a victim when checking the router logs.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsl-2740edsl-2740e_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-44089
Matching Score-4
Assigner-Pandora FMS
ShareView Details
Matching Score-4
Assigner-Pandora FMS
CVSS Score-6.1||MEDIUM
EPSS-0.25% / 16.38%
||
7 Day CHG~0.00%
Published-29 Dec, 2023 | 11:50
Updated-17 Sep, 2024 | 13:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
XSS in Visual Console

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Pandora FMS on all allows Cross-Site Scripting (XSS). It was possible to execute malicious JS code on Visual Consoles. This issue affects Pandora FMS: from 700 through 774.

Action-Not Available
Vendor-Pandora FMS S.L.U.
Product-pandora_fmsPandora FMS
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10961
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.02% / 59.16%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 12:23
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The colorway theme before 3.4.2 for WordPress has XSS via the contactName parameter.

Action-Not Available
Vendor-inkthemesn/a
Product-colorwayn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10878
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.98% / 57.84%
||
7 Day CHG~0.00%
Published-12 Aug, 2019 | 14:52
Updated-07 May, 2025 | 13:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wp-google-map-plugin plugin before 3.1.2 for WordPress has XSS.

Action-Not Available
Vendor-wepluginsn/a
Product-wp_mapsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10913
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.91% / 55.69%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 14:56
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The wp-latest-posts plugin before 3.7.5 for WordPress has XSS.

Action-Not Available
Vendor-n/aJoomUnited
Product-wp_latest_postsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10979
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.90% / 55.39%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 14:09
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The fossura-tag-miner plugin before 1.1.5 for WordPress has XSS.

Action-Not Available
Vendor-fossuran/a
Product-tag_minern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1331
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.01% / 58.82%
||
7 Day CHG~0.00%
Published-15 Feb, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in Cisco Emergency Responder 11.5(0.99833.5) allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCuy10766.

Action-Not Available
Vendor-n/aSun Microsystems (Oracle Corporation)
Product-opensolarisn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1205
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-1.02% / 59.15%
||
7 Day CHG~0.00%
Published-28 Apr, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the shiro8 (1) category_freearea_ addition_plugin plugin 1.0 and (2) itemdetail_freearea_ addition_plugin plugin 1.0 for EC-CUBE allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-shiro8n/a
Product-itemdetail_freearea_additioncategory_freearea_additionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20803
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.81% / 76.03%
||
7 Day CHG~0.00%
Published-21 May, 2020 | 21:51
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Gila CMS before 1.11.6 has reflected XSS via the admin/content/postcategory id parameter, which is mishandled for g_preview_theme.

Action-Not Available
Vendor-gilacmsn/a
Product-gila_cmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1157
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-1.01% / 58.80%
||
7 Day CHG~0.00%
Published-23 Feb, 2016 | 02:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in log_chat.cgi in Script* Log-Chat before 2.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-log-chat_projectn/a
Product-log-chatn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1217
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-1.08% / 60.93%
||
7 Day CHG~0.00%
Published-20 Apr, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the "Check available times" function in Cybozu Garoon before 4.2.2.

Action-Not Available
Vendor-n/aCybozu, Inc.
Product-garoonn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10706
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.96% / 57.19%
||
7 Day CHG~0.00%
Published-12 Jan, 2018 | 19:00
Updated-17 Sep, 2024 | 03:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Jetpack plugin before 4.0.3 for WordPress has XSS via a crafted Vimeo link.

Action-Not Available
Vendor-n/aAutomattic Inc.
Product-jetpackn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10895
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.91% / 55.69%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 15:28
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The option-tree plugin before 2.6.0 for WordPress has XSS via an add_list_item or add_social_links AJAX request.

Action-Not Available
Vendor-optiontree_projectn/a
Product-optiontreen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-0579
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-1.08% / 61.16%
||
7 Day CHG~0.00%
Published-14 May, 2018 | 13:00
Updated-05 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in Open Graph for Facebook, Google+ and Twitter Card Tags plugin prior to version 2.2.4.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-webdadosWebdados
Product-open_graph_for_facebook\,_google\+_and_twitter_card_tagsOpen Graph for Facebook, Google+ and Twitter Card Tags
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10976
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.51% / 71.25%
||
7 Day CHG~0.00%
Published-17 Sep, 2019 | 14:05
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The safe-editor plugin before 1.2 for WordPress has no se_save authentication, with resultant XSS.

Action-Not Available
Vendor-kodebyraaetn/a
Product-safe_editorn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1171
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-1.01% / 58.80%
||
7 Day CHG~0.00%
Published-06 Apr, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Recruit plugin before 0.9.3 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-hiniaratan/a
Product-casebook_pluginn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20222
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.67% / 47.38%
||
7 Day CHG~0.00%
Published-02 Jan, 2020 | 04:30
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Support Incident Tracker (SiT!) 3.67, the Short Application Name and Application Name inputs in the config.php page are affected by XSS.

Action-Not Available
Vendor-sitrackern/a
Product-support_incident_trackern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-1000154
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.60% / 72.80%
||
7 Day CHG~0.00%
Published-05 Apr, 2018 | 13:00
Updated-16 Sep, 2024 | 18:33
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zammad GmbH Zammad version 2.3.0 and earlier contains a Improper Neutralization of Script-Related HTML Tags in a Web Page (CWE-80) vulnerability in the subject of emails which are not html quoted in certain cases. This can result in the embedding and execution of java script code on users browser. This attack appear to be exploitable via the victim openning a ticket. This vulnerability appears to have been fixed in 2.3.1, 2.2.2 and 2.1.3.

Action-Not Available
Vendor-zammadn/a
Product-zammadn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1304
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-6.1||MEDIUM
EPSS-1.01% / 58.82%
||
7 Day CHG~0.00%
Published-30 Jan, 2016 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Cisco Unity Connection 10.5(2.3009) allows remote attackers to inject arbitrary web script or HTML via a crafted value, aka Bug ID CSCux82596.

Action-Not Available
Vendor-n/aCisco Systems, Inc.
Product-unity_connectionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-0857
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-3.27% / 86.90%
||
7 Day CHG~0.00%
Published-23 Feb, 2006 | 23:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element.

Action-Not Available
Vendor-e107n/a
Product-e107chatbox_pluginn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10963
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.90% / 55.39%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 12:26
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The icegram plugin before 1.9.19 for WordPress has XSS.

Action-Not Available
Vendor-icegramn/a
Product-icegram_engagen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-1169
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-6.1||MEDIUM
EPSS-1.01% / 58.80%
||
7 Day CHG~0.00%
Published-06 Apr, 2016 | 23:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the Casebook plugin before 0.9.4 for baserCMS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-hiniaratan/a
Product-casebook_pluginn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-0996
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-10.81% / 95.30%
||
7 Day CHG~0.00%
Published-10 Apr, 2006 | 18:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed.

Action-Not Available
Vendor-n/aThe PHP Group
Product-phpn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10900
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.91% / 55.69%
||
7 Day CHG~0.00%
Published-21 Aug, 2019 | 12:39
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The uji-countdown plugin before 2.0.7 for WordPress has XSS.

Action-Not Available
Vendor-wpmanagen/a
Product-uji_countdownn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2025-42975
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.1||MEDIUM
EPSS-0.23% / 14.17%
||
7 Day CHG~0.00%
Published-12 Aug, 2025 | 02:10
Updated-13 Aug, 2025 | 20:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Multiple vulnerabilities in SAP NetWeaver Application Server ABAP (BIC Document)

SAP NetWeaver Application Server ABAP (BIC Document) allows an unauthenticated attacker to craft a URL link which, when accessed on the BIC Document application, embeds a malicious script. When a victim clicks on this link, the script executes in the victim's browser, allowing the attacker to access and/or modify information related to the web client without affecting availability.

Action-Not Available
Vendor-SAP SE
Product-SAP NetWeaver Application Server ABAP (BIC Document)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20921
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.74% / 74.94%
||
7 Day CHG~0.00%
Published-30 Sep, 2020 | 12:30
Updated-25 Nov, 2024 | 18:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

bootstrap-select before 1.13.6 allows Cross-Site Scripting (XSS). It does not escape title values in OPTION elements. This may allow attackers to execute arbitrary JavaScript in a victim's browser.

Action-Not Available
Vendor-snapappointmentsn/a
Product-bootstrap-selectn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-0842
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.84% / 76.35%
||
7 Day CHG~0.00%
Published-22 Feb, 2006 | 02:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Calacode @Mail 4.3 allows remote attackers to inject arbitrary web script or HTML via a modified javascript: string in the SRC attribute of an IMG element in an e-mail message, as demonstrated by "java&#09;script:." NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-calacoden/a
Product-atmail_webmail_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2006-0938
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-1.25% / 65.68%
||
7 Day CHG~0.00%
Published-01 Mar, 2006 | 02:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in eZ publish 3.7.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the RefererURL parameter.

Action-Not Available
Vendor-ezn/a
Product-ez_publishn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 380
  • 381
  • Next
Details not found