Vulnerabilities (CVE)

Filtered by CWE-79
Total 17262 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2015-20105 1 Cbads 1 Clickbank Affiliate Ads 2021-12-03 6.8 MEDIUM 9.6 CRITICAL
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have a CSRF check when saving its settings, allowing an attacker to make a logged-in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are output, it could also lead to Stored Cross-Site Scripting issues.
CVE-2015-20106 1 Cbads 1 Clickbank Affiliate Ads 2021-12-03 3.5 LOW 4.8 MEDIUM
The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2020-13947 2 Apache, Oracle 3 Activemq, Communications Session Report Manager, Communications Session Route Manager 2021-12-03 4.3 MEDIUM 6.1 MEDIUM
An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0.
CVE-2021-40577 1 Online Enrollment Management System Project 1 Online Enrollment Management System 2021-12-03 3.5 LOW 5.4 MEDIUM
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter.
CVE-2021-24247 1 Mooveagency 1 Contact Form Check Tester 2021-12-03 3.5 LOW 5.4 MEDIUM
The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin.
CVE-2021-25785 1 Taogogo 1 Taocms 2021-12-03 3.5 LOW 4.8 MEDIUM
Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column.
CVE-2021-32718 1 Vmware 1 Rabbitmq 2021-12-03 3.5 LOW 5.4 MEDIUM
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via the management UI could lead to the user's name being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable the `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring.
CVE-2021-25273 1 Sophos 1 Unified Threat Management 2021-12-03 3.5 LOW 4.8 MEDIUM
Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706.
CVE-2021-24169 1 Algolplus 1 Advanced Order Export 2021-12-03 4.3 MEDIUM 6.1 MEDIUM
This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS.
CVE-2021-27520 1 Fudforum 1 Fudforum 2021-12-03 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.
CVE-2021-27519 1 Fudforum 1 Fudforum 2021-12-03 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter.
CVE-2021-28420 1 Seopanel 1 Seo Panel 2021-12-03 3.5 LOW 4.8 MEDIUM
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter.
CVE-2021-28418 1 Seopanel 1 Seo Panel 2021-12-03 3.5 LOW 4.8 MEDIUM
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter.
CVE-2021-28417 1 Seopanel 1 Seo Panel 2021-12-03 3.5 LOW 4.8 MEDIUM
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter.
CVE-2021-3150 1 Cryptshare 1 Cryptshare Server 2021-12-03 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. The issue is fixed in version 4.8.1.
CVE-2021-21080 1 Adobe 1 Connect 2021-12-03 4.3 MEDIUM 6.1 MEDIUM
Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field.
CVE-2021-21079 1 Adobe 1 Connect 2021-12-03 4.3 MEDIUM 6.1 MEDIUM
Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field.
CVE-2021-43682 1 Thinkphp-bjyblog Project 1 Thinkphp-bjyblog 2021-12-03 4.3 MEDIUM 6.1 MEDIUM
thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to the user that contains $_SERVER['HTTP_HOST'].
CVE-2020-35037 1 Wp-events-plugin 1 Events Manager 2021-12-03 4.3 MEDIUM 6.1 MEDIUM
The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameters before outputting them in pages, which could lead to Cross-Site Scripting issues.
CVE-2021-43673 1 Dzzoffice 1 Dzzoffice 2021-12-03 4.3 MEDIUM 6.1 MEDIUM
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function, exit(json_encode($return)), is printed to the user.