Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-28796 | 1 Increments | 1 Qiita\ | 2021-12-08 | 4.3 MEDIUM | 6.1 MEDIUM |
Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. | |||||
CVE-2021-30458 | 1 Wikimedia | 1 Parsoid | 2021-12-08 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS. | |||||
CVE-2021-31761 | 1 Webmin | 1 Webmin | 2021-12-08 | 6.8 MEDIUM | 9.6 CRITICAL |
Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature. | |||||
CVE-2020-27356 | 1 Debug Meta Data Project | 1 Debug Meta Data | 2021-12-08 | 3.5 LOW | 5.4 MEDIUM |
The debug-meta-data plugin 1.1.2 for WordPress allows XSS. | |||||
CVE-2021-44726 | 1 Knime | 1 Knime Server | 2021-12-08 | 4.3 MEDIUM | 6.1 MEDIUM |
KNIME Server before 4.13.4 allows XSS via the old WebPortal login page. | |||||
CVE-2020-22421 | 1 74cms | 1 74cms | 2021-12-08 | 4.3 MEDIUM | 6.1 MEDIUM |
74CMS v6.0.4 was discovered to contain a cross-site scripting (XSS) vulnerability via /index.php?m=&c=help&a=help_list&key. | |||||
CVE-2021-27190 | 1 Peel | 1 Peel Shopping | 2021-12-07 | 3.5 LOW | 5.4 MEDIUM |
A Stored Cross Site Scripting (XSS) vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. User-supplied input containing a polyglot payload is echoed back in JavaScript code in the HTML response. This allows an attacker to input malicious JavaScript, which can steal cookies, redirect users to other malicious websites, etc. | |||||
CVE-2021-24768 | 1 Wprssaggregator | 1 Wp Rss Aggregator | 2021-12-07 | 3.5 LOW | 4.8 MEDIUM |
The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues. | |||||
CVE-2020-19611 | 1 Racktables Project | 1 Racktables | 2021-12-07 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) in redirect module of Racktables version 0.21.2, allows an attacker to inject arbitrary web script or HTML via the op parameter. | |||||
CVE-2021-40094 | 1 Squaredup | 1 Squaredup | 2021-12-07 | 3.5 LOW | 5.4 MEDIUM |
A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device. | |||||
CVE-2021-40093 | 1 Squaredup | 1 Squaredup | 2021-12-07 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions. | |||||
CVE-2021-40092 | 1 Squaredup | 1 Squaredup | 2021-12-07 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file. | |||||
CVE-2021-25041 | 1 10web | 1 Photo Gallery | 2021-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
The Photo Gallery by 10Web WordPress plugin before 1.5.68 is vulnerable to Reflected Cross-Site Scripting (XSS) issues via the bwg_album_breadcrumb_0 and shortcode_id GET parameters passed to the bwg_frontend_data AJAX action. | |||||
CVE-2021-24939 | 1 Profilepress | 1 Loginwp | 2021-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
The LoginWP (Formerly Peter's Login Redirect) WordPress plugin before 3.0.0.5 does not sanitise and escape the rul_login_url and rul_logout_url parameters before outputting them back in attributes in an admin page, leading to a Reflected Cross-Site Scripting issue. | |||||
CVE-2021-24935 | 1 Wp Google Fonts Project | 1 Wp Google Fonts | 2021-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Google Fonts WordPress plugin before 3.1.5 does not escape the googlefont_ajax_name and googlefont_ajax_family parameters of the googlefont_action AJAX action (available to any authenticated user) before outputting them in attributes, leading to Reflected Cross-Site Scripting issues. | |||||
CVE-2021-24938 | 1 Woocommerce | 1 Woocommerce Currency Switcher | 2021-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
The WOOCS WordPress plugin before 1.3.7.1 does not sanitise and escape the key parameter of the woocs_update_profiles_data AJAX action (available to any authenticated user) before outputting it back in the response, leading to a Reflected Cross-Site Scripting issue. | |||||
CVE-2021-24714 | 1 Soflyy | 1 Wp All Import | 2021-12-06 | 3.5 LOW | 4.8 MEDIUM |
The Import any XML or CSV File to WordPress plugin before 3.6.3 does not escape the Import's Title and Unique Identifier fields before outputting them in admin pages, which could allow high privilege users to perform Cross-Site attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2016-10925 | 1 Profilepress | 1 Loginwp | 2021-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
The peters-login-redirect plugin before 2.9.1 for WordPress has XSS during the editing of redirect URLs. | |||||
CVE-2021-24718 | 1 Reputeinfosystems | 1 Contact Form, Survey & Popup Form Plugin For Wordpress - Arforms Form Builder | 2021-12-06 | 3.5 LOW | 4.8 MEDIUM |
The Contact Form, Survey & Popup Form Plugin for WordPress plugin before 1.5 does not properly sanitize some of its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
CVE-2021-24759 | 1 Pdf.js Viewer Project | 1 Pdf.js Viewer | 2021-12-06 | 3.5 LOW | 5.4 MEDIUM |
The PDF.js Viewer WordPress plugin before 2.0.2 does not escape some of its shortcode and Gutenberg Block attributes, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks