Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-39599 | 1 Cxuu | 1 Cxuucms | 2021-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross Site Scripting (XSS) vulnerabilities exist in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php. | |||||
CVE-2021-39362 | 1 Recaptcha Solver Project | 1 Recaptcha Solver | 2021-08-30 | 4.3 MEDIUM | 6.1 MEDIUM |
An XSS issue was discovered in ReCaptcha Solver 5.7. A response from Anti-Captcha.com, RuCaptcha.com, 2captcha.com, DEATHbyCAPTCHA.com, ImageTyperz.com, or BestCaptchaSolver.com in setCaptchaCode() is inserted into the DOM as HTML, resulting in full control over the user's browser by these servers. | |||||
CVE-2021-39136 | 1 Basercms | 1 Basercms | 2021-08-30 | 3.5 LOW | 5.4 MEDIUM |
baserCMS is an open source content management system with a focus on Japanese language support. In affected versions there is a cross-site scripting vulnerability in the file upload function of the management system of baserCMS. Users are advised to update as soon as possible. No workarounds are available to mitigate this issue. | |||||
CVE-2021-24561 | 1 Veronalabs | 1 Wp Sms | 2021-08-30 | 3.5 LOW | 5.4 MEDIUM |
The WP SMS WordPress plugin before 5.4.13 does not sanitise the "wp_group_name" parameter before outputting it back in the "Groups" page, leading to an Authenticated Stored Cross-Site Scripting issue | |||||
CVE-2020-18468 | 1 Qdpm | 1 Qdpm | 2021-08-27 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in qdPM 9.1 in the Heading field found in the Login Page page under the General menu via a crafted website name by doing an authenticated POST HTTP request to /qdPM_9.1/index.php/configuration. | |||||
CVE-2020-18467 | 1 Bigtreecms | 1 Bigtree Cms | 2021-08-27 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in BigTree-CMS 4.4.3 in the tag name field found in the Tags page under the General menu via a crafted website name by doing an authenticated POST HTTP request to admin/tags/create. | |||||
CVE-2021-38559 | 1 Digitaldruid | 1 Hoteldruid | 2021-08-27 | 4.3 MEDIUM | 6.1 MEDIUM |
DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter. | |||||
CVE-2020-18469 | 1 Rukovoditel | 1 Rukovoditel | 2021-08-27 | 3.5 LOW | 5.4 MEDIUM |
Stored cross-site scripting (XSS) vulnerability in the Copyright Text field found in the Application page under the Configuration menu in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to /rukovoditel_2.4.1/index.php?module=configuration/save&redirect_to=configuration/application. | |||||
CVE-2020-18470 | 1 Rukovoditel | 1 Rukovoditel | 2021-08-27 | 3.5 LOW | 5.4 MEDIUM |
Stored cross-site scripting (XSS) vulnerability in the Name of application field found in the General Configuration page in Rukovoditel 2.4.1 allows remote attackers to inject arbitrary web script or HTML via a crafted website name by doing an authenticated POST HTTP request to rukovoditel_2.4.1/install/index.php. | |||||
CVE-2020-18475 | 1 Hucart | 1 Hucart | 2021-08-27 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in Hucart CMS 5.7.4 via the mes_title field. The first user inserts a malicious script into the header field of the outbox and sends it to other users. When other users open the email, the malicious code will be executed. | |||||
CVE-2021-24558 | 1 3.7designs | 1 Project Status | 2021-08-27 | 3.5 LOW | 5.4 MEDIUM |
The pspin_duplicate_post_save_as_new_post function of the Project Status WordPress plugin through 1.6 does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue | |||||
CVE-2021-30044 | 1 Remoteclinic | 1 Remote Clinic | 2021-08-27 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php. | |||||
CVE-2021-30042 | 1 Remoteclinic | 1 Remote Clinic | 2021-08-27 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php | |||||
CVE-2021-30039 | 1 Remoteclinic | 1 Remote Clinic | 2021-08-27 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-report.php. | |||||
CVE-2021-30030 | 1 Remoteclinic | 1 Remote Clinic | 2021-08-27 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php. | |||||
CVE-2021-30034 | 1 Remoteclinic | 1 Remote Clinic | 2021-08-27 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php. | |||||
CVE-2019-18223 | 1 Eleveo | 1 Call Recording | 2021-08-27 | 3.5 LOW | 5.4 MEDIUM |
ZOOM International Call Recording 6.3.1 suffers from multiple authenticated stored XSS vulnerabilities via the phoneNumber field in the (1) User Edit or (2) User Add form, (3) name field in the Role Add form, (4) name or number field in the Edit Group form, (5) tagKey or tagValue field in the Recording Rules Configuration, or (6) txt_69735:/VemailAddress/value or txt_75767:/VemailFrom/value field in callrec/config. | |||||
CVE-2021-3694 | 2 Debian, Ledgersmb | 2 Debian Linux, Ledgersmb | 2021-08-27 | 6.8 MEDIUM | 9.6 CRITICAL |
LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | |||||
CVE-2021-3693 | 2 Debian, Ledgersmb | 2 Debian Linux, Ledgersmb | 2021-08-27 | 6.8 MEDIUM | 9.6 CRITICAL |
LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | |||||
CVE-2021-24564 | 1 Wpfront | 1 Scroll Top | 2021-08-27 | 3.5 LOW | 5.4 MEDIUM |
The WPFront Scroll Top WordPress plugin before 2.0.6.07225 does not sanitise or escape its Image ALT setting before outputting it in attributes, leading to an Authenticated Stored Cross-Site Scripting issue even when the unfiltered_html capability is disallowed. |