Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3646 | 1 Btcpayserver | 1 Btcpay Server | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-27889 | 1 Mybb | 1 Mybb | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in MyBB before 1.8.26 via Nested Auto URL when parsing messages. | |||||
| CVE-2021-24477 | 1 Migrate Users Project | 1 Migrate Users | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Migrate Users WordPress plugin through 1.0.1 does not sanitise or escape its Delimiter option before outputting in a page, leading to a Stored Cross-Site Scripting issue. Furthermore, the plugin does not have CSRF check in place when saving its options, allowing the issue to be exploited via a CSRF attack. | |||||
| CVE-2021-23411 | 1 Anchorme Project | 1 Anchorme | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output (an anchor a tag) containing undesirable Javascript code that can be executed upon user interaction. | |||||
| CVE-2021-31813 | 1 Zohocorp | 1 Manageengine Applications Manager | 2021-09-21 | 3.5 LOW | 5.4 MEDIUM |
| Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | |||||
| CVE-2021-35061 | 1 Drk-odenwaldkreis | 1 Testerfassung | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields in all components. | |||||
| CVE-2020-24723 | 1 User Registration \& Login And User Management System Project | 1 User Registration \& Login And User Management System | 2021-09-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in the Registration page of the admin panel in PHPGurukul User Registration & Login and User Management System With admin panel 2.1. | |||||
| CVE-2021-38358 | 1 Kibokolabs | 1 Moolamojo | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1. | |||||
| CVE-2021-38354 | 1 Gnu-mailman Integration Project | 1 Gnu-mailman Integration | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6. | |||||
| CVE-2021-38355 | 1 Bug Library Project | 1 Bug Library | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the ~/bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3. | |||||
| CVE-2021-38349 | 1 Techastha | 1 Integration Of Moneybird For Woocommerce | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. | |||||
| CVE-2021-38348 | 1 Advance Search Project | 1 Advance Search | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpas_id parameter found in the ~/inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2. | |||||
| CVE-2021-38347 | 1 Custom Website Data Project | 1 Custom Website Data | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2. | |||||
| CVE-2021-38340 | 1 Wordpress Simple Shop Project | 1 Wordpress Simple Shop | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. | |||||
| CVE-2021-38338 | 1 Border Loading Bar Project | 1 Border Loading Bar | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameter found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1. | |||||
| CVE-2021-38359 | 1 Invitebox | 1 Invitebox | 2021-09-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the ~/admin/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.1. | |||||
| CVE-2021-27658 | 1 Johnsoncontrols | 1 Exacqvision Enterprise Manager | 2021-09-20 | 3.5 LOW | 5.4 MEDIUM |
| exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users. | |||||
| CVE-2021-27659 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2021-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users. | |||||
| CVE-2020-19515 | 1 Qdpm | 1 Qdpm | 2021-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| qdPM V9.1 is vulnerable to Cross Site Scripting (XSS) via qdPM\install\modules\database_config.php. | |||||
| CVE-2021-20293 | 2 Netapp, Redhat | 2 Oncommand Insight, Resteasy | 2021-09-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected Cross-Site Scripting (XSS) flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final, where it did not properly handle URL encoding when calling @javax.ws.rs.PathParam without any @Produces MediaType. This flaw allows an attacker to launch a reflected XSS attack. The highest threat from this vulnerability is to data confidentiality and integrity. | |||||