Total: 21765 CVEs

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-38152 | 1 Chikitsa | 1 Patient Management System | 2021-09-20 | 3.5 LOW | 5.4 MEDIUM | index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS.
CVE-2021-36871 | 1 Codecabin | 1 Wp Google Maps | 2021-09-17 | 3.5 LOW | 5.4 MEDIUM | Multiple authenticated persistent cross-site scripting (XSS) vulnerabilities in the WordPress WP Google Maps Pro premium plugin (versions <= 8.1.11). Vulnerable parameters: &wpgmaps_marker_category_name, Value > &attributes[], Name > &attributes[], &icons[], &names[], &description, &link, &title.
CVE-2021-36870 | 1 Codecabin | 1 Wp Google Maps | 2021-09-17 | 3.5 LOW | 5.4 MEDIUM | Multiple authenticated persistent cross-site scripting (XSS) vulnerabilities in the WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &dataset_name, &wpgmza_gdpr_retention_purpose, &wpgmza_gdpr_company_name, &name #2, &name, &polyname #2, &polyname, &address.
CVE-2021-30689 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2021-09-17 | 4.3 MEDIUM | 6.1 MEDIUM | A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross-site scripting (UXSS).
CVE-2021-29011 | 1 Dmasoftlab | 1 Dma Radius Manager | 2021-09-16 | 4.3 MEDIUM | 6.1 MEDIUM | DMA Softlab Radius Manager 4.4.0 is affected by cross-site scripting (XSS) via the description, name, or address field (under admin.php).
CVE-2021-1826 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2021-09-16 | 4.3 MEDIUM | 6.1 MEDIUM | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross-site scripting (UXSS).
CVE-2019-16562 | 1 Jenkins | 1 Buildgraph-view | 2021-09-16 | 3.5 LOW | 5.4 MEDIUM | Jenkins buildgraph-view Plugin 1.8 and earlier does not escape the description of builds shown in its view, resulting in a stored XSS vulnerability exploitable by users able to change build descriptions.
CVE-2020-1760 | 5 Canonical, Debian, Fedoraproject and 2 more | 6 Ubuntu Linux, Debian Linux, Fedora and 3 more | 2021-09-16 | 4.3 MEDIUM | 6.1 MEDIUM | A flaw was found in the Ceph Object Gateway, which accepts requests sent by an anonymous user through the Amazon S3 API. Because untrusted input in such requests is not properly neutralized, this flaw could lead to XSS attacks.
CVE-2021-1825 | 1 Apple | 8 Icloud, Ipados, Iphone Os and 5 more | 2021-09-16 | 4.3 MEDIUM | 6.1 MEDIUM | An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross-site scripting attack.
CVE-2021-32106 | 1 Icecoder | 1 Icecoder | 2021-09-16 | 3.5 LOW | 5.4 MEDIUM | In ICEcoder 8.0, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET['replace'] variable. As a result, arbitrary JavaScript code can be executed.
CVE-2021-36563 | 1 Checkmk | 1 Checkmk | 2021-09-16 | 3.5 LOW | 5.4 MEDIUM | The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. An attacker can store HTML content that the browser interprets (such as JavaScript or other client-side scripts); the XSS payload is triggered when a user accesses specific sections of the application. Notably, an attacker who has the monitor role (not administrator) and achieves a stored XSS could steal the secretAutomation (used for API access in administrator mode) and thereby create another administrator user with high privileges on the CheckMK monitoring web console. Persistent XSS also allows an attacker to modify the displayed content or change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session.
CVE-2020-24553 | 4 Fedoraproject, Golang, Opensuse and 1 more | 4 Fedora, Go, Leap and 1 more | 2021-09-16 | 4.3 MEDIUM | 6.1 MEDIUM | Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default Content-Type for CGI/FCGI handlers whose child script sets no Content-Type header.
CVE-2021-38341 | 1 Dreamfoxmedia | 1 Woocommerce Payment Gateway Per Category | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM | The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to reflected cross-site scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/includes/plugin_settings.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10.
CVE-2021-38353 | 1 Webodid | 1 Dropdown And Scrollable Text | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM | The Dropdown and scrollable Text WordPress plugin is vulnerable to reflected cross-site scripting via the content parameter found in the ~/index.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.
CVE-2021-38350 | 1 Spideranalyse Project | 1 Spideranalyse | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM | The spideranalyse WordPress plugin is vulnerable to reflected cross-site scripting via the date parameter found in the ~/analyse/index.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.1.
CVE-2021-38351 | 1 Outsidesource | 1 Osd Subscribe | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM | The OSD Subscribe WordPress plugin is vulnerable to reflected cross-site scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3.
CVE-2021-38339 | 1 Devondev | 1 Simple Matted Thumbnails | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM | The Simple Matted Thumbnails WordPress plugin is vulnerable to reflected cross-site scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simple-matted-thumbnail.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01.
CVE-2021-38357 | 1 Elyazalee | 1 Sms-ovh | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM | The SMS OVH WordPress plugin is vulnerable to reflected cross-site scripting via the position parameter found in the ~/sms-ovh-sent.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.
CVE-2021-38332 | 1 Ops-robots-txt Project | 1 Ops-robots-txt | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM | The On Page SEO + Whatsapp Chat Button Plugin WordPress plugin is vulnerable to reflected cross-site scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/settings.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.
CVE-2021-38330 | 1 Tromit | 1 Yabp | 2021-09-15 | 4.3 MEDIUM | 6.1 MEDIUM | The Yet Another bol.com Plugin WordPress plugin is vulnerable to reflected cross-site scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/yabp.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.
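Two mechanisms recur in the list above: a response whose Content-Type is left to a default (CVE-2020-24553, where Go's CGI/FCGI handlers fell back to text/html) and a request value reflected into a page without escaping (the reflected $_SERVER["PHP_SELF"] and parameter entries). The following Go program is an added example written for this page; it is not code from the Go project or from any vendor listed here. `ParseCGIOutput` and `ResolveContentType` are hypothetical helpers that mirror the described behaviour (`legacy=true` for the vulnerable default, `legacy=false` for sniffing the body with `http.DetectContentType`, which is what the Go fix switched to), run over constructed CGI child outputs. `ReflectSafely` shows the two controls a script should apply regardless of the runtime default: an explicit Content-Type and context-aware escaping via html/template.

```go
package main

import (
	"fmt"
	"html/template"
	"net/http"
	"net/textproto"
	"strings"
)

// ParseCGIOutput splits a CGI child's stdout into its header block and body.
// Hypothetical helper for this example; it accepts "\n\n" as the separator
// and ignores malformed header lines.
func ParseCGIOutput(out string) (textproto.MIMEHeader, []byte) {
	h := make(textproto.MIMEHeader)
	head, body, found := strings.Cut(out, "\n\n")
	if !found {
		return h, []byte(out)
	}
	for _, line := range strings.Split(head, "\n") {
		if k, v, ok := strings.Cut(line, ":"); ok {
			h.Add(strings.TrimSpace(k), strings.TrimSpace(v))
		}
	}
	return h, []byte(body)
}

// ResolveContentType decides what Content-Type the web server sends for a
// CGI response (hypothetical model of the behaviour described in CVE-2020-24553).
//   legacy=true : header missing => "text/html" (the vulnerable default)
//   legacy=false: header missing => sniff the body with http.DetectContentType
// An explicit Content-Type from the child always wins.
func ResolveContentType(childHeaders textproto.MIMEHeader, body []byte, legacy bool) string {
	if ct := childHeaders.Get("Content-Type"); ct != "" {
		return ct
	}
	if legacy {
		return "text/html"
	}
	// Caveat: sniffing is not a fix for missing headers. A body that *starts*
	// with an HTML tag is still classified as text/html and executes.
	return http.DetectContentType(body)
}

// page renders an untrusted value in HTML text context; html/template
// escapes <, >, &, quotes and + for that context.
var page = template.Must(template.New("p").Parse(
	"<p>Search results for {{.}}</p>\n"))

// ReflectSafely is how a CGI script should echo a request parameter:
// state the Content-Type itself and escape for the output context.
func ReflectSafely(param string) (contentType string, body string) {
	var sb strings.Builder
	if err := page.Execute(&sb, param); err != nil {
		return "text/plain; charset=utf-8", "template error"
	}
	return "text/html; charset=utf-8", sb.String()
}

func main() {
	// Constructed CGI child outputs, not captured from any real deployment.
	samples := []string{
		"X-Powered-By: demo\n\nResults: <script>alert(1)</script>",
		"X-Powered-By: demo\n\n<script>alert(1)</script>",
		"Content-Type: text/plain; charset=utf-8\n\n<script>alert(1)</script>",
	}
	for _, s := range samples {
		h, body := ParseCGIOutput(s)
		fmt.Printf("legacy=%-12q patched=%q\n",
			ResolveContentType(h, body, true), ResolveContentType(h, body, false))
	}
	ct, out := ReflectSafely("<script>alert(1)</script>")
	fmt.Printf("%s\n%s", ct, out)
}
```

The second sample is the practitioner's caveat: when the attacker controls the first bytes of the body, body sniffing still yields text/html, so the durable fix is the one `ReflectSafely` shows, an explicit Content-Type on every response plus escaping for the context in which the value is reflected.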