| CVE | Vendors | Products | Updated | CVSS v3.1 |
| The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list. |
| The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header. |
| The cforms2 plugin before 10.5 for WordPress has XSS. |
| The cforms2 plugin before 10.2 for WordPress has XSS. |
| The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection. |
| The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. |
| The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST. |
| The profile-builder plugin before 1.1.66 for WordPress has multiple XSS issues in forms. |
| The duplicate-post plugin before 2.6 for WordPress has XSS. |
| The cforms2 plugin before 13.2 for WordPress has XSS in lib_ajax.php. |
| Vembu StoreGrid 4.4.x has XSS in interface/registercustomer/onlineregsuccess.php, interface/registerreseller/onlineregfailure.php, interface/registerclient/onlineregfailure.php, and interface/registercustomer/onlineregfailure.php. |
| The karo gem 2.3.8 for Ruby allows remote command injection via the host field. |
| Certain input passed into remarkable before 1.4.1 bypasses the bad-protocol check that disallows the javascript: scheme, allowing javascript: URLs to be injected into the rendered content. |
| IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 91163. |
| The set_version script shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1, this script did not properly sanitize user-provided input, allowing code execution on the executing server. |
| rubygem-hammer_cli_foreman: the file /etc/hammer/cli.modules.d/foreman.yml is world-readable. |
| The default configuration of broker.conf in Red Hat OpenShift Enterprise 2.x before 2.1 has a password of "mooo" for a Mongo account, which allows remote attackers to hijack the broker by providing this password, related to the openshift.sh script in Openshift Extras before 20130920. NOTE: this may overlap CVE-2013-4253 and CVE-2013-4281. |
| Versions of Katello as shipped with Red Hat Subscription Asset Manager 1.4 are vulnerable to an XSS via HTML in the system name when registering. |
| MCollective has a default password set at install. |
| OpenShift has shell command injection flaws due to unsanitized data being passed into shell commands. |
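The remarkable entry above describes a bypass of a check that blocks the javascript: scheme, but the page shows neither the check nor the bypassing input. The following is an added example, not remarkable's code and not a reproduction of that CVE: it places a naive prefix check of the kind such bypasses target next to a hardened check that first normalizes the URL the way a browser's URL parser does (HTML numeric entities decoded, leading and trailing C0 controls and spaces stripped, tabs and newlines removed anywhere) and then matches the scheme against an allowlist. Function names, the allowlist and the sample vectors are assumptions made for the example.

```javascript
// Added example: naive vs. hardened "bad protocol" check for link targets
// rendered into HTML (markdown href/src values). Not remarkable's code.

// Assumed allowlist; relative URLs (no scheme) are also accepted.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto', 'ftp']);

// A few named entities that attackers use to hide the ':' or whitespace.
const NAMED_ENTITIES = { colon: ':', tab: '\t', newline: '\n', NewLine: '\n' };

// Decode HTML entities once, as the HTML parser will before the browser
// ever sees the attribute value. Out-of-range code points are left as-is.
function decodeEntities(s) {
  return s
    .replace(/&#x([0-9a-f]+);?/gi, (m, hex) => {
      const cp = parseInt(hex, 16);
      return cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
    })
    .replace(/&#(\d+);?/g, (m, dec) => {
      const cp = parseInt(dec, 10);
      return cp <= 0x10ffff ? String.fromCodePoint(cp) : m;
    })
    .replace(/&([A-Za-z]+);/g, (m, name) =>
      Object.prototype.hasOwnProperty.call(NAMED_ENTITIES, name) ? NAMED_ENTITIES[name] : m);
}

// Mirror the WHATWG URL parser's pre-processing: strip leading/trailing
// C0 controls and space, then delete ASCII tab, LF and CR anywhere.
function normalizeUrl(raw) {
  let s = decodeEntities(String(raw));
  s = s.replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, '');
  s = s.replace(/[\u0009\u000A\u000D]/g, '');
  return s;
}

// Scheme per RFC 3986 grammar, lower-cased; null when the URL is relative.
// Note this treats "host.example:8080/x" as scheme "host.example", which is
// also how a browser parses it, so such input is (conservatively) rejected.
function schemeOf(url) {
  const m = /^([a-z][a-z0-9+.\-]*):/i.exec(url);
  return m ? m[1].toLowerCase() : null;
}

// The weak check: case-insensitive prefix match on the raw string only.
function naiveIsSafeUrl(url) {
  return !String(url).toLowerCase().startsWith('javascript:');
}

// The hardened check: normalize, then allowlist the scheme (denylists of
// "bad" schemes miss vbscript:, data:, etc. and any future scheme).
function isSafeUrl(url) {
  const scheme = schemeOf(normalizeUrl(url));
  return scheme === null || ALLOWED_SCHEMES.has(scheme);
}

// Constructed sample inputs: the first three are handled by both checks,
// the rest slip past the naive prefix check but not the hardened one.
const SAMPLE_URLS = [
  'https://example.com/page',
  'javascript:alert(1)',
  'JaVaScRiPt:alert(1)',
  'java\tscript:alert(1)',          // tab removed by the URL parser
  '\u0001javascript:alert(1)',      // leading C0 control stripped
  '  javascript:alert(1)',          // leading spaces stripped
  'javascript&#58;alert(1)',        // entity-encoded colon
  '&#x6A;avascript:alert(1)',       // entity-encoded first letter
  'vbscript:MsgBox(1)',             // not on the denylist at all
];

function compareChecks(urls = SAMPLE_URLS) {
  return urls.map((url) => ({ url, naive: naiveIsSafeUrl(url), hardened: isSafeUrl(url) }));
}

for (const row of compareChecks()) {
  console.log(`${JSON.stringify(row.url).padEnd(32)} naive=${row.naive} hardened=${row.hardened}`);
}
```

The design point is the order of operations: normalize exactly as the consumer (the browser) will, then decide by allowlist rather than by matching a string the attacker controls. Any check that inspects the raw string before that normalization will have some input that looks harmless to it and dangerous to the browser.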