Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-3879 | 1 Snipeitapp | 1 Snipe-it | 2021-10-21 | 3.5 LOW | 5.4 MEDIUM | snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting').
CVE-2021-25968 | 1 Alkacon | 1 Opencms | 2021-10-21 | 3.5 LOW | 5.4 MEDIUM | In "OpenCMS", versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low-privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim's browser when they open the page containing the vulnerable field.
CVE-2021-42650 | 1 Portainer | 1 Portainer | 2021-10-21 | 4.3 MEDIUM | 6.1 MEDIUM | A Cross-Site Scripting (XSS) vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.
CVE-2020-8291 | 1 Rocket.chat | 1 Rocket.chat | 2021-10-21 | 4.3 MEDIUM | 6.1 MEDIUM | A link preview rendering issue in Rocket.Chat versions before 3.9 could lead to potential XSS attacks.
CVE-2021-24734 | 1 Tipsandtricks-hq | 1 Compact Wp Audio Player | 2021-10-21 | 3.5 LOW | 5.4 MEDIUM | The Compact WP Audio Player WordPress plugin before 1.9.7 does not escape some of its shortcode attributes, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
CVE-2021-24732 | 1 Dearhive | 1 Dearflip | 2021-10-21 | 3.5 LOW | 5.4 MEDIUM | The PDF Flipbook, 3D Flipbook WordPress – DearFlip WordPress plugin before 1.7.10 does not escape the class attribute of its shortcode before outputting it back in an attribute, which could allow users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks.
CVE-2021-24416 | 1 Bplugins | 1 Streamcast Radio Player | 2021-10-21 | 3.5 LOW | 5.4 MEDIUM | The StreamCast – Radio Player for WordPress plugin before 2.1.1 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as Contributor to set a Cross-Site Scripting payload in them, which is triggered on the page(s) embedding the malicious shortcode.
CVE-2021-24415 | 1 Bplugins | 1 Polo Video Gallery | 2021-10-21 | 3.5 LOW | 5.4 MEDIUM | The Polo Video Gallery – Best wordpress video gallery plugin WordPress plugin through 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as Contributor to set a Cross-Site Scripting payload in them, which is triggered on the page(s) embedding the malicious shortcode.
CVE-2021-24413 | 1 Bplugins | 1 Easy Twitter Feed | 2021-10-21 | 3.5 LOW | 5.4 MEDIUM | The Easy Twitter Feed WordPress plugin before 1.2 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as Contributor to set a Cross-Site Scripting payload in them, which is triggered on the page(s) embedding the malicious shortcode.
CVE-2021-24702 | 1 Thimpress | 1 Learnpress | 2021-10-21 | 2.1 LOW | 4.8 MEDIUM | The LearnPress WordPress plugin before 4.1.3.1 does not properly sanitize or escape various inputs within course settings, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2021-24412 | 1 Bplugins | 1 Html5 Audio Player | 2021-10-21 | 3.5 LOW | 5.4 MEDIUM | The Html5 Audio Player – Audio Player for WordPress plugin before 2.1.3 does not sanitise or validate the parameters from its shortcode, allowing users with a role as low as Contributor to set a Cross-Site Scripting payload in them, which is triggered on the page(s) embedding the malicious shortcode.
CVE-2021-24516 | 1 Planso | 1 Planso Forms | 2021-10-21 | 3.5 LOW | 4.8 MEDIUM | The PlanSo Forms WordPress plugin through 2.6.3 does not escape the title of its Form before outputting it in attributes, allowing high-privilege users such as admin to set an XSS payload in it even when unfiltered_html is disallowed, leading to an Authenticated Stored Cross-Site Scripting issue.
CVE-2021-24617 | 1 Gamepress Project | 1 Gamepress | 2021-10-21 | 4.3 MEDIUM | 6.1 MEDIUM | The GamePress WordPress plugin through 1.1.0 does not escape the op_edit POST parameter before outputting it back in multiple Game Option pages, leading to Reflected Cross-Site Scripting issues.
CVE-2021-24622 | 1 Emarketdesign | 1 Customer Service Software & Support Ticket System | 2021-10-21 | 3.5 LOW | 4.8 MEDIUM | The Customer Service Software & Support Ticket System WordPress plugin before 5.10.4 does not sanitize or escape form fields before outputting them in the List, which could allow high-privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.
CVE-2021-24612 | 1 Sociable Project | 1 Sociable | 2021-10-21 | 3.5 LOW | 4.8 MEDIUM | The Sociable WordPress plugin through 4.3.4.1 does not sanitise or escape some of its settings before outputting them in the admin dashboard, allowing high-privilege users to perform Cross-Site Scripting attacks against other users even when the unfiltered_html capability is disallowed.
CVE-2021-29878 | 1 Ibm | 1 Business Automation Workflow | 2021-10-21 | 3.5 LOW | 5.4 MEDIUM | IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 206581.
CVE-2021-24760 | 1 Pdf Viewer Block For Gutenberg Project | 1 Pdf Viewer Block For Gutenberg | 2021-10-21 | 3.5 LOW | 5.4 MEDIUM | The Gutenberg PDF Viewer Block WordPress plugin before 1.0.1 does not sanitise and escape its block, which could allow users with a role as low as Contributor to perform Cross-Site Scripting attacks.
CVE-2021-42566 | 1 Myfactory | 1 Fms | 2021-10-21 | 4.3 MEDIUM | 6.1 MEDIUM | myfactory.FMS before 7.1-912 allows XSS via the Error parameter.
CVE-2021-42565 | 1 Myfactory | 1 Fms | 2021-10-21 | 4.3 MEDIUM | 6.1 MEDIUM | myfactory.FMS before 7.1-912 allows XSS via the UID parameter.
CVE-2018-16061 | 1 Mitsubishielectric | 2 Smartrtu, Smartrtu Firmware | 2021-10-21 | 4.3 MEDIUM | 6.1 MEDIUM | Mitsubishi Electric SmartRTU devices allow XSS via the username parameter or PATH_INFO to login.php.