Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2020-19294 | 1 Jeesns | 1 Jeesns | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability in the /article/comment component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the article comments section. |
CVE-2020-19293 | 1 Jeesns | 1 Jeesns | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability in the /article/add component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in a posted article. |
CVE-2020-19295 | 1 Jeesns | 1 Jeesns | 2021-09-13 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected cross-site scripting (XSS) vulnerability in the /weibo/topic component of Jeesns 1.4.2 allows attackers to execute arbitrary web scripts or HTML. |
CVE-2021-25790 | 1 House Rental And Property Listing Php Project | 1 House Rental And Property Listing Php | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM | Multiple stored cross-site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allow authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number. |
CVE-2021-32764 | 1 Discourse | 1 Discourse | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM | Discourse is an open-source discussion platform. In Discourse versions 2.7.5 and prior, parsing and rendering of YouTube Oneboxes can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. The issue is patched in `stable` version 2.7.6, `beta` version 2.8.0.beta3, and `tests-passed` version 2.8.0.beta3. As a workaround, ensure that the Content Security Policy is enabled and has not been modified in a way which would make it more vulnerable to XSS attacks. |
CVE-2021-33483 | 1 Onyaktech Comments Pro Project | 1 Onyaktech Comments Pro | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in CommentsService.ashx in OnyakTech Comments Pro 3.8. The comment posting functionality allows an attacker to add an XSS payload to the JSON request that will execute when users visit the page with the comment. |
CVE-2014-5069 | 1 Microsemi | 2 S350i, S350i Firmware | 2021-09-13 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in Symmetricom s350i 2.70.15 allows remote attackers to inject arbitrary web script or HTML via vectors involving system logs. |
CVE-2021-24611 | 1 Keyword Meta Project | 1 Keyword Meta | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM | The Keyword Meta WordPress plugin through 3.0 does not sanitise or escape its settings before outputting them back in the page after they are saved, allowing for Cross-Site Scripting issues. Furthermore, it also lacks any CSRF check, allowing an attacker to make a logged-in high-privilege user save arbitrary settings via a CSRF attack. |
CVE-2017-16836 | 1 Commscope | 2 Arris Tg1682g, Arris Tg1682g Firmware | 2021-09-13 | 4.3 MEDIUM | 6.1 MEDIUM | Arris TG1682G devices with Comcast TG1682_2.0s7_PRODse 10.0.59.SIP.PC20.CT software allow Unauthenticated Stored XSS via the actionHandler/ajax_managed_services.php service parameter. |
CVE-2015-6027 | 1 Castlerock | 1 Snmpc | 2021-09-13 | 4.3 MEDIUM | 6.1 MEDIUM | Castle Rock Computing SNMPc before 2015-12-17 has XSS via SNMP. |
CVE-2021-30171 | 1 Junhetec | 1 Enterprise Resource Planning Point Of Sale System | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM | Special characters in users' input on the ERP POS news page are not filtered, which allows remote authenticated attackers to inject malicious JavaScript, carry out stored XSS (Stored Cross-site scripting) attacks, and additionally access and manipulate customers' information. |
CVE-2021-30170 | 1 Junhetec | 1 Enterprise Resource Planning Point Of Sale System | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM | Special characters in users' input on the ERP POS customer profile page are not filtered, which allows remote authenticated attackers to inject malicious JavaScript, carry out stored XSS (Stored Cross-site scripting) attacks, and additionally access and manipulate customers' information. |
CVE-2016-1160 | 1 Wp Favorite Posts Project | 1 Wp Favorite Posts | 2021-09-13 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) vulnerability in the WP Favorite Posts plugin before 1.6.6 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
CVE-2015-1494 | 1 Colorlib | 1 Fancybox | 2021-09-13 | 4.3 MEDIUM | N/A | The FancyBox for WordPress plugin before 3.0.3 for WordPress does not properly restrict access, which allows remote attackers to conduct cross-site scripting (XSS) attacks via an mfbfw[*] parameter in an update action to wp-admin/admin-post.php, as demonstrated by the mfbfw[padding] parameter and exploited in the wild in February 2015. |
CVE-2021-25204 | 1 E-commerce Website Project | 1 E-commerce Website | 2021-09-13 | 3.5 LOW | 5.4 MEDIUM | Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTML via the subject field to feedback_process.php. |
CVE-2021-24599 | 1 Wp-webhooks | 1 Email Encoder | 2021-09-10 | 4.3 MEDIUM | 6.1 MEDIUM | The Email Encoder – Protect Email Addresses WordPress plugin before 2.1.2 has an endpoint that requires no authentication and will render a user-supplied value in the HTML response without escaping or sanitizing the data. |
CVE-2021-32782 | 1 Nextcloud | 1 Circles | 2021-09-10 | 3.5 LOW | 5.4 MEDIUM | Nextcloud Circles is an open source social network built for the Nextcloud ecosystem. In affected versions the Nextcloud Circles application is vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Circles application is upgraded to 0.21.3, 0.20.10 or 0.19.14 to resolve this issue. As a workaround users may use a browser that has support for Content-Security-Policy. A notable exception is Internet Explorer, which does not support CSP properly. |
CVE-2021-24590 | 1 Gdprinfo | 1 Cookie Notice & Consent Banner For Gdpr & Ccpa Compliance | 2021-09-10 | 3.5 LOW | 5.4 MEDIUM | The Cookie Notice & Consent Banner for GDPR & CCPA Compliance WordPress plugin before 1.7.2 does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin's design customization options. |
CVE-2021-38707 | 1 Cliniccases | 1 Cliniccases | 2021-09-10 | 3.5 LOW | 5.4 MEDIUM | Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript into account parameters. The XSS payloads will execute in the browser of any user who views the relevant content. This can result in account takeover via session token theft. |
CVE-2021-23439 | 1 File-upload-with-preview Project | 1 File-upload-with-preview | 2021-09-10 | 4.3 MEDIUM | 6.1 MEDIUM | This affects the package file-upload-with-preview before 4.2.0. A file whose name contains malicious JavaScript code can be uploaded (a user needs to be tricked into uploading such a file). |