Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-24924 | 1 Email Log Project | 1 Email Log | 2021-12-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Email Log WordPress plugin before 2.4.8 does not escape the d parameter before outputting it back in an attribute in the Log page, leading to a Reflected Cross-Site Scripting issue | |||||
| CVE-2021-35415 | 1 Chamilo | 1 Chamilo Lms | 2021-12-06 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields. | |||||
| CVE-2021-43991 | 1 Kentico | 1 Xperience | 2021-12-06 | 3.5 LOW | 5.4 MEDIUM |
| The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. | |||||
| CVE-2015-20105 | 1 Cbads | 1 Clickbank Affiliate Ads | 2021-12-03 | 6.8 MEDIUM | 9.6 CRITICAL |
| The ClickBank Affiliate Ads WordPress plugin through 1.20 does not have CSRF check when saving its settings, allowing attacker to make logged in admin change them via a CSRF attack. Furthermore, due to the lack of escaping when they are outputting, it could also lead to Stored Cross-Site Scripting issues | |||||
| CVE-2015-20106 | 1 Cbads | 1 Clickbank Affiliate Ads | 2021-12-03 | 3.5 LOW | 4.8 MEDIUM |
| The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | |||||
| CVE-2020-13947 | 2 Apache, Oracle | 3 Activemq, Communications Session Report Manager, Communications Session Route Manager | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. | |||||
| CVE-2021-40577 | 1 Online Enrollment Management System Project | 1 Online Enrollment Management System | 2021-12-03 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter. | |||||
| CVE-2021-24247 | 1 Mooveagency | 1 Contact Form Check Tester | 2021-12-03 | 3.5 LOW | 5.4 MEDIUM |
| The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin. | |||||
| CVE-2021-25785 | 1 Taogogo | 1 Taocms | 2021-12-03 | 3.5 LOW | 4.8 MEDIUM |
| Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. | |||||
| CVE-2021-24169 | 1 Algolplus | 1 Advanced Order Export | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS. | |||||
| CVE-2021-27520 | 1 Fudforum | 1 Fudforum | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter. | |||||
| CVE-2021-27519 | 1 Fudforum | 1 Fudforum | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter. | |||||
| CVE-2021-28420 | 1 Seopanel | 1 Seo Panel | 2021-12-03 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter. | |||||
| CVE-2021-28418 | 1 Seopanel | 1 Seo Panel | 2021-12-03 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter. | |||||
| CVE-2021-28417 | 1 Seopanel | 1 Seo Panel | 2021-12-03 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter. | |||||
| CVE-2021-3150 | 1 Cryptshare | 1 Cryptshare Server | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. The issue is fixed with the version 4.8.1 | |||||
| CVE-2021-21080 | 1 Adobe | 1 Connect | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2021-21079 | 1 Adobe | 1 Connect | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2020-35037 | 1 Wp-events-plugin | 1 Events Manager | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameter before outputing them in pages, which could lead to Cross-Site Scripting issues | |||||
| CVE-2021-44279 | 1 Librenms | 1 Librenms | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php. | |||||