Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40922 | 1 Pixeline | 1 Bugs | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in install/index.php in Bugs 1.8 and below allows remote attackers to inject arbitrary web script or HTML via the last_name parameter. | |||||
| CVE-2021-40923 | 1 Pixeline | 1 Bugs | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in install/index.php in Bugs 1.8 and below allows remote attackers to inject arbitrary web script or HTML via the email parameter. | |||||
| CVE-2021-40924 | 1 Pixeline | 1 Bugs | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in install/index.php in Bugs 1.8 and below allows remote attackers to inject arbitrary web script or HTML via the first_name parameter. | |||||
| CVE-2021-40925 | 1 Faveohelpdesk | 1 Faveo | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php in faveo-helpdesk v1.11.0 and below allows remote attackers to inject arbitrary web script or HTML via the $_SERVER["PHP_SELF"] parameter. | |||||
| CVE-2021-40926 | 1 Getid3 | 1 Getid3 | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter. | |||||
| CVE-2021-40927 | 1 Alfred-spotify-mini-player | 1 Alfred Spotify Mini Player | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter. | |||||
| CVE-2021-40928 | 1 Glimmrtv | 1 Flextv | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF parameter. | |||||
| CVE-2021-40968 | 1 Spotweb Project | 1 Spotweb | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter. | |||||
| CVE-2021-40970 | 1 Spotweb Project | 1 Spotweb | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||
| CVE-2020-20781 | 1 Ucms Project | 1 Ucms | 2021-10-03 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in /ucms/index.php?do=list_edit of UCMS 1.4.7 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the title, key words, description or content text fields. | |||||
| CVE-2020-20131 | 1 Laracms Project | 1 Laracms | 2021-10-03 | 3.5 LOW | 5.4 MEDIUM |
| LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the page management module. | |||||
| CVE-2020-20129 | 1 Laracms Project | 1 Laracms | 2021-10-03 | 3.5 LOW | 5.4 MEDIUM |
| LaraCMS v1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the content editor. | |||||
| CVE-2021-29834 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2021-10-02 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Automation Workflow 18.0.0.0, 18.0.0.1, 18.0.0.2, 19.0.0.1, 19.0.0.2, 19.0.0.3, 20.0.0.1, 20.0.0.2, and 21.0.2 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204832. | |||||
| CVE-2021-40969 | 1 Spotweb Project | 1 Spotweb | 2021-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the firstname parameter. | |||||
| CVE-2021-40868 | 1 Cloudron | 1 Cloudron | 2021-10-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS. | |||||
| CVE-2021-40105 | 1 Concretecms | 1 Concrete Cms | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. | |||||
| CVE-2021-40106 | 1 Concretecms | 1 Concrete Cms | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field. | |||||
| CVE-2021-24657 | 1 Limit Login Attempts Project | 1 Limit Login Attempts | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Limit Login Attempts WordPress plugin before 4.0.50 does not escape the IP addresses (which can be controlled by attacker via headers such as X-Forwarded-For) of attempted logins before outputting them in the reports table, leading to an Unauthenticated Stored Cross-Site Scripting issue. | |||||
| CVE-2021-24640 | 1 Gutenslider | 1 Gutenslider | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
| The WordPress Slider Block Gutenslider plugin before 5.2.0 does not escape the minWidth attribute of a Gutenberg block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks. | |||||
| CVE-2021-24637 | 1 Fontsplugin | 1 Fonts | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
| The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the blockType (combined with content), align, color, variant and fontID arguments of a Gutenberg block. | |||||
| CVE-2021-24609 | 1 Wp Mapa Politico Espana Project | 1 Wp Mapa Politico Espana | 2021-10-01 | 3.5 LOW | 4.8 MEDIUM |
| The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2016-6556 | 1 Opennms | 1 Opennms | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP agent supplied data. By creating a malicious SNMP 'sysName' or 'sysContact' response, an attacker can store an XSS payload which will trigger when a user of the web UI views the data. This issue was fixed in version 18.0.2, released on September 20, 2016. | |||||
| CVE-2016-6555 | 1 Opennms | 1 Opennms | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenNMS version 18.0.1 and prior are vulnerable to a stored XSS issue due to insufficient filtering of SNMP trap supplied data. By creating a malicious SNMP trap, an attacker can store an XSS payload which will trigger when a user of the web UI views the events list page. This issue was fixed in version 18.0.2, released on September 20, 2016. | |||||
| CVE-2021-24596 | 1 Itservicejung | 1 Youforms-free-for-copecart | 2021-10-01 | 3.5 LOW | 4.8 MEDIUM |
| The youForms for WordPress plugin through 1.0.5 does not sanitise or escape the Button Text field of its Templates, allowing high privilege users (editors and admins) to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-24600 | 1 Wp Dialog Project | 1 Wp Dialog | 2021-10-01 | 3.5 LOW | 4.8 MEDIUM |
| The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-24613 | 1 Dfactory | 1 Post Views Counter | 2021-10-01 | 3.5 LOW | 4.8 MEDIUM |
| The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the frontend even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-24604 | 1 Offshorewebmaster | 1 Availability Calendar | 2021-10-01 | 3.5 LOW | 4.8 MEDIUM |
| The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in the page/post where the associated shortcode is embedded, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2018-10023 | 1 Catfish-cms | 1 Catfish Cms | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
| Catfish CMS V4.7.21 allows XSS via the pinglun parameter to cat/index/index/pinglun (aka an authenticated comment). | |||||
| CVE-2007-5577 | 1 Joomla | 1 Joomla! | 2021-10-01 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via the (1) Title or (2) Section Name form fields in the Section Manager component, or (3) multiple unspecified fields in New Menu Item. | |||||
| CVE-2007-4189 | 1 Joomla | 1 Joomla! | 2021-10-01 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2021-24597 | 1 You-shang Project | 1 You-shang | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
| The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which results in Stored Cross-Site Scripting issues in frontend posts and the plugin's settings page depending on the payload used. | |||||
| CVE-2021-3830 | 1 Btcpayserver | 1 Btcpay Server | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
| btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). | |||||
| CVE-2021-37271 | 1 Baidu | 1 Ueditor | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information. | |||||
| CVE-2021-37267 | 1 Kindsoft | 1 Kindeditor | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information. | |||||
| CVE-2021-30086 | 1 Kindsoft | 1 Kindeditor | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information. | |||||
| CVE-2020-20696 | 1 Gilacms | 1 Gila Cms | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field. | |||||
| CVE-2020-20695 | 1 Gilacms | 1 Gila Cms | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. | |||||
| CVE-2021-24660 | 1 Wpxpo | 1 Postx - Gutenberg Blocks For Post Grid | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
| The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode. | |||||
| CVE-2021-24659 | 1 Wpxpo | 1 Postx - Gutenberg Blocks For Post Grid | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
| The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block. | |||||
| CVE-2020-20508 | 1 Shopkit Project | 1 Shopkit | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Shopkit v2.7 contains a reflected cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field. | |||||
| CVE-2021-36875 | 1 Stylemixthemes | 1 Ulisting | 2021-10-01 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in WordPress uListing plugin (versions <= 2.0.5). Vulnerable parameters: &filter[id], &filter[user], &filter[expired_date], &filter[created_date], &filter[updated_date]. | |||||
| CVE-2021-20554 | 1 Ibm | 1 Sterling Order Management | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179. | |||||
| CVE-2021-39307 | 1 Pdftron | 1 Webviewer Ui | 2021-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code. | |||||
| CVE-2021-40310 | 1 Os4ed | 1 Opensis | 2021-09-30 | 3.5 LOW | 5.4 MEDIUM |
| OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in TakeAttendance.php via the cp_id_miss_attn parameter. | |||||
| CVE-2021-40100 | 1 Concretecms | 1 Concrete Cms | 2021-09-30 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text. | |||||
| CVE-2021-24670 | 1 Status301 | 1 Coolclock | 2021-09-30 | 3.5 LOW | 5.4 MEDIUM |
| The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. | |||||
| CVE-2021-36841 | 1 Yithemes | 1 Yith Maintenance Mode | 2021-09-30 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress configuration. | |||||
| CVE-2020-19950 | 1 Yzmcms | 1 Yzmcms | 2021-09-29 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2020-19949 | 1 Yzmcms | 1 Yzmcms | 2021-09-29 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2021-3824 | 1 Openvpn | 1 Openvpn Access Server | 2021-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenVPN Access Server 2.9.0 through 2.9.4 allows remote attackers to inject arbitrary web script or HTML via the web login page URL. | |||||
