Cross Site Scripting or lovingly called XSS. This is primarily is web application vulnerability. Cross-Site Scripting (XSS) attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. Flaws that allow these attacks to succeed are quite widespread and occur anywhere a web application uses input from a user within the output it generates without validating or encoding it.
There are three type of XSS attacks:
Note: XSS is a type of Injection flaw, however due to its widespread nature its generally considered as a independent issue.
Reference Source:
| Status | Component Name | Version | Disclosed By | Disclosure Date | Access Level | CVE-Number |
|---|---|---|---|---|---|---|
 |
wp-plugin : keyring | 1.5 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
 |
wp-plugin : immopress | 0.0.4 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : animal-captcha | 1.6.2 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : hunk-external-links | 3.0.5 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : google-maps-in-posts | 1.5.3 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : aprils-super-functions-pack | 1.4.7 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : google-map-generator | 1.3.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : athlon-manage-calameo-publications | 1.1.0 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : gbteamstats | 1.5.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : avchat-3 | 1.4.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : garees-flickr-feed | 0.8 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : blogroll-fun | 0.8.4 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : fixedly | 1.3.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : captcha-in-thai | 1.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : filtre-de-surveillance-gouvernemental | 1.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : clicksold-wordpress-plugin | 1.48 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : fancy-cats | 1.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : clipta-video-informer | 1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : dialogs | 1.0.3 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : contentboxes | 1.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : coupon-tab-for-directorypress-pp | 0.2.0 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : daily-inspiration-generator | 2 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : mywebcounter | 1.1 | Anantshri | 2014/07/07 | Unauthenticated | Not Assigned |
|
wp-plugin : wu-rating | 1.0 12319 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4601 |
|
wp-plugin : wp-tmkm-amazon | 1.5b | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4598 |
|
wp-plugin : wp-restful | 0.1 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4595 |
|
wp-plugin : wp-responsive-preview | 1.1 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4594 |
|
wp-plugin : wp-picasa-image | 1 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4591 |
|
wp-plugin : wp-microblogs | 0.4.0 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4590 |
|
wp-plugin : wp-guestmap | 1.8 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4587 |
|
wp-plugin : wp-football | 1.1 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4586 |
|
wp-plugin : wp-facethumb | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4585 | |
|
wp-plugin : wp-consultant | 1 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4582 |
|
wp-plugin : wp-blipbot | 3.0.9 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4580 |
|
wp-plugin : wp-appointments-schedules | 1.5 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4579 |
|
wp-plugin : wikipop | 2 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4575 |
|
wp-plugin : walk-score | 0.5.5 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4573 |
|
wp-plugin : vn-calendar | 1 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4571 |
|
wp-plugin : videowhisper-video-presentation | 3.25 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4570 |
|
wp-plugin : videowhisper-live-streaming-integration | 4.27.2 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-2715 |
|
wp-plugin : video-posts-webcam-recorder | 1.55.4 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4568 |
|
wp-plugin : video-comments-webcam-recorder | 1.55 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4567 |
|
wp-plugin : verification-code-for-comments | 2.1.0 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4565 |
|
wp-plugin : ruven-toolkit | 1.1 | Anantshri | 2014/06/12 | Unauthenticated | CVE-2014-4548 |
|
wp-plugin : wpcb | 2.4.8 | Anantshri | 2014/06/04 | Unauthenticated | CVE-2014-4581 |
|
wp-plugin : wp-app-maker | 1.0.16.4 | Anantshri | 2014/06/04 | Unauthenticated | CVE-2014-4578 |
|
wp-plugin : keyword-strategy-internal-links | 2 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4537 |
|
wp-plugin : wp-social-invitations | 1.4.4.2 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4597 |
|
wp-plugin : easy-career-openings | 0.4 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4523 |
|
wp-plugin : conversador | 2.61 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4519 |
|
wp-plugin : bic-media | 1 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4516 |
|
wp-plugin : anyfont | 2.2.3 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4515 |
|
wp-plugin : your-text-manager | 0.3.0 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4604 |
|
wp-plugin : webengage | 2.0.0 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4574 |
|
wp-plugin : swipe-hq-checkout-for-jigoshop | 3.1.0 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4557 |
|
wp-plugin : rezgo | 1.4.2 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4546 |
|
wp-plugin : fbpromotions | 1.3.4 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4528 |
|
wp-plugin : easy-post-types | 1.4.3 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4524 |
|
wp-plugin : rezgo-online-booking | 1.8 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4547 |
|
wp-plugin : efence | 1.3.2 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4526 |
|
wp-plugin : oleggo-livestream | 0.2.6 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4540 |
|
wp-plugin : dmca-watermarker | 1 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4520 |
|
wp-plugin : alipay | 3.6.0 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4514 |
|
wp-plugin : zelist-directory | 0.5.11.07 | Anantshri | 2014/05/28 | Unauthenticated | Not Assigned |
|
wp-plugin : zdstats | 2.0.1 | Anantshri | 2014/05/28 | Unauthenticated | CVE-2014-4605 |
|
wp-plugin : yahoo-updates-for-wordpress | 1 | Anantshri | 2014/05/28 | Unauthenticated | CVE-2014-4603 |
|
wp-plugin : xen-carousel | 0.12.2 | Anantshri | 2014/05/28 | Unauthenticated | CVE-2014-4602 |
|
wp-plugin : swipehq-payment-gateway-woocommerce | 2.7.1 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4558 |
|
wp-plugin : ss-downloads | 1.4.41 | Prajalkulkarni | 2014/05/28 | Unauthenticated | Not Assigned |
|
wp-plugin : omfg-mobile | 1.1.26 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4541 |
|
wp-plugin : malware-finder | 1.1 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4538 |
|
wp-plugin : envialosimple-email-marketing-y-newsletters-gratis | 1.97 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4527 |
|
wp-plugin : activehelper-livehelp | 3.1.0 | Prajalkulkarni | 2014/05/28 | Unauthenticated | CVE-2014-4513 |
|
wp-plugin : zeenshare | 1.0.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4606 |
|
wp-plugin : wpsnapapp | 1.5 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4596 |
|
wp-plugin : wppm | 1.6.4.b | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4593 |
|
wp-plugin : wphotfiles | 1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4588 |
|
wp-plugin : wp-ultimate-email-marketer | 1.1.0 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4600 |
|
wp-plugin : wp-ttisbdir | 1.0.2 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4599 |
|
wp-plugin : wp-planet | 0.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4592 |
|
wp-plugin : wp-media-player | 0.8 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4589 |
|
wp-plugin : wp-easybooking | 1.0.3 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4584 |
|
wp-plugin : wp-contact-sidebar-widget | 1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4583 |
|
wp-plugin : wordpress-social-login | 2.0.3 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4576 |
|
wp-plugin : votecount-for-balatarin | 0.1.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4572 |
|
wp-plugin : verweise-wordpress-twitter | 1.0.2 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4566 |
|
wp-plugin : validated | 1.0.2 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4564 |
|
wp-plugin : url-cloak-encrypt | 2 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4563 |
|
wp-plugin : ultimate-weather-plugin | 1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4561 |
|
wp-plugin : toolpage | 1.6.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4560 |
|
wp-plugin : swipehq-payment-gateway-wp-e-commerce | 3.1.0 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4559 |
|
wp-plugin : style-it | 1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4555 |
|
wp-plugin : spreadshirt-rss-3d-cube-flash-gallery | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4553 | |
|
wp-plugin : spotlightyour | 4.7 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4552 |
|
wp-plugin : social-connect | 1.0.4 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4551 |
|
wp-plugin : shortcode-ninja | 1.4 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4550 |
|
wp-plugin : sagepay-direct-for-woocommerce-payment-gateway | 0.1.6.7 - 20140128 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4549 |
|
wp-plugin : proquoter | 1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4545 |
|
wp-plugin : podcast-channels | 0.2.0 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4544 |
|
wp-plugin : pay-per-media-player | 1.24 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4543 |
|
wp-plugin : ooorl | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4542 | |
|
wp-plugin : movies | 0.6 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4539 |
|
wp-plugin : infusionsoft | 1.5.7 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4536 |
|
wp-plugin : import-legacy-media | 0.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4535 |
|
wp-plugin : html5-video-player-with-playlist | 2.4.0 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4534 |
|
wp-plugin : geo-redirector | 1.0.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4533 |
|
wp-plugin : garagesale | 1.2.2 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4532 |
|
wp-plugin : game-tabs | 0.4.0 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4531 |
|
wp-plugin : flash-photo-gallery | 0.7 | Prajalkulkarni | 2014/05/25 | Unauthenticated | [CVE-2014-4529] |
|
wp-plugin : ebay-feeds-for-wordpress | 1.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4525 |
|
wp-plugin : dssearchagent-wordpress-edition | 1.0-beta10 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4522 |
|
wp-plugin : dsidxpress | 2.1.0 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4521 |
|
wp-plugin : cbi-referral-manager | 1.2.1 | Prajalkulkarni | 2014/05/25 | Unauthenticated | CVE-2014-4517 |
|
wp-plugin : flog – A3-Cross-Site Scripting (XSS) | [0.1] | Prajalkulkarni | 2014/04/25 | [Unauthenticated] | CVE-2014-4530 |
|
wp-plugin : contactme | 2.3 | Prajalkulkarni | Unauthenticated | CVE-2014-4518 |