CVE | Vendors | Products | Updated | CVSS v3.1 |
** UNSUPPORTED WHEN ASSIGNED ** A vulnerability classified as problematic was found in University of Cambridge django-ucamlookup up to 1.9.1. It affects an unknown functionality of the component Lookup Handler. The manipulation leads to cross-site scripting. The attack can be launched remotely. Upgrading to version 1.9.2 addresses this issue. The identifier of the patch is 5e25e4765637ea4b9e0bf5fcd5e9a922abee7eb3. It is recommended to upgrade the affected component. The identifier VDB-217441 was assigned to this vulnerability. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
A vulnerability was found in oxguy3 coebot-www and classified as problematic. This issue affects the functions displayChannelCommands/displayChannelQuotes/displayChannelAutoreplies/showChannelHighlights/showChannelBoir of the file js/channel.js. The manipulation leads to cross-site scripting. The attack may be initiated remotely. The patch is named c1a6c44092585da4236237e0e7da94ee2996a0ca. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-217355. |
php/qmn_options_questions_tab.php in the quiz-master-next plugin before 4.7.9 for WordPress allows CSRF, with resultant stored XSS, via the question_name parameter because js/admin_question.js mishandles parsing inside of a SCRIPT element. |
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS because it configures files to be opened in a browser window. |
An issue was discovered in Mattermost Server before 2.2.0. It allows XSS via a crafted link. |
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a redirect URL. |
An issue was discovered in Mattermost Server before 3.0.0. It allows XSS via a Legal or Support setting. |
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS because the noreferrer and noopener protection mechanisms were not in place. |
An issue was discovered in Mattermost Server before 3.1.0. It allows XSS via theme color-code values. |
An issue was discovered in Mattermost Server before 3.5.1. XSS can occur via file preview. |
NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS. |
The wp-listings plugin before 2.0.2 for WordPress has includes/views/single-listing.php XSS. |
The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant XSS. |
The instalinker plugin before 1.1.2 for WordPress has includes/instalinker-admin-preview.php?client_id= XSS. |
The user-submitted-posts plugin before 20160215 for WordPress has XSS via the user-submitted-content field. |
The Goodnews theme through 2016-02-28 for WordPress has XSS via the s parameter. |
The ocim-mp3 plugin through 2016-03-07 for WordPress has wp-content/plugins/ocim-mp3/source/pages.php?id= XSS. |
The Truemag theme 2016 Q2 for WordPress has XSS via the s parameter. |
The ScoreMe theme through 2016-04-01 for WordPress has XSS via the s parameter. |
The music-store plugin before 1.0.43 for WordPress has XSS via the wp-admin/admin.php?page=music-store-menu-reports from_year parameter. |