Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-4189 | 1 Joomla | 1 Joomla! | 2021-10-01 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Joomla! before 1.0.13 (aka Sunglow) allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) com_search, (2) com_content, and (3) mod_login components. NOTE: some of these details are obtained from third party information. | |||||
CVE-2021-24597 | 1 You-shang Project | 1 You-shang | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which results in Stored Cross-Site Scripting issues in frontend posts and the plugin's settings page, depending on the payload used | |||||
CVE-2021-3830 | 1 Btcpayserver | 1 Btcpay Server | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2021-37271 | 1 Baidu | 1 Ueditor | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information. | |||||
CVE-2021-37267 | 1 Kindsoft | 1 Kindeditor | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information. | |||||
CVE-2021-30086 | 1 Kindsoft | 1 Kindeditor | 2021-10-01 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information. | |||||
CVE-2020-20696 | 1 Gilacms | 1 Gila Cms | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in /admin/content/post of GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Tags field. | |||||
CVE-2020-20695 | 1 Gilacms | 1 Gila Cms | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in GilaCMS v1.11.4 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG file. | |||||
CVE-2021-24660 | 1 Wpxpo | 1 Postx - Gutenberg Blocks For Post Grid | 2021-10-01 | 3.5 LOW | 5.4 MEDIUM |
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10, with Saved Templates Addon enabled, allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's shortcode. | |||||
CVE-2021-24659 | 1 Wpxpo | 1 Postx - Gutenberg Blocks For Post Grid | 2021-09-30 | 3.5 LOW | 5.4 MEDIUM |
The PostX – Gutenberg Blocks for Post Grid WordPress plugin before 2.4.10 allows users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks via the plugin's block. | |||||
CVE-2020-20508 | 1 Shopkit Project | 1 Shopkit | 2021-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
Shopkit v2.7 contains a reflective cross-site scripting (XSS) vulnerability in the /account/register component, which allows attackers to hijack user credentials via a crafted payload in the E-Mail text field. | |||||
CVE-2021-36875 | 1 Stylemixthemes | 1 Ulisting | 2021-09-30 | 3.5 LOW | 4.8 MEDIUM |
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability in WordPress uListing plugin (versions <= 2.0.5). Vulnerable parameters: &filter[id], &filter[user], &filter[expired_date], &filter[created_date], &filter[updated_date]. | |||||
CVE-2021-20554 | 1 Ibm | 1 Sterling Order Management | 2021-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199179. | |||||
CVE-2021-39307 | 1 Pdftron | 1 Webviewer Ui | 2021-09-30 | 4.3 MEDIUM | 6.1 MEDIUM |
PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code. | |||||
CVE-2021-40310 | 1 Os4ed | 1 Opensis | 2021-09-30 | 3.5 LOW | 5.4 MEDIUM |
OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter. | |||||
CVE-2021-40100 | 1 Concretecms | 1 Concrete Cms | 2021-09-30 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text. | |||||
CVE-2021-24670 | 1 Status301 | 1 Coolclock | 2021-09-30 | 3.5 LOW | 5.4 MEDIUM |
The CoolClock WordPress plugin before 4.3.5 does not escape some shortcode attributes, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks | |||||
CVE-2021-36841 | 1 Yithemes | 1 Yith Maintenance Mode | 2021-09-30 | 3.5 LOW | 5.4 MEDIUM |
Authenticated Stored Cross-Site Scripting (XSS) vulnerability in YITH Maintenance Mode (WordPress plugin) versions <= 1.3.7, vulnerable parameter &yith_maintenance_newsletter_submit_label. Possible even when unfiltered HTML is disallowed by WordPress configuration. | |||||
CVE-2020-19950 | 1 Yzmcms | 1 Yzmcms | 2021-09-29 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in the /banner/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. | |||||
CVE-2020-19949 | 1 Yzmcms | 1 Yzmcms | 2021-09-29 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in the /link/add.html component of YzmCMS v5.3 allows attackers to execute arbitrary web scripts or HTML. |