Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38702 | 1 Cyberoamworks | 2 Netgenie C0101b1-20141120-ng11vo, Netgenie C0101b1-20141120-ng11vo Firmware | 2021-08-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks. | |||||
CVE-2020-18455 | 1 Bycms Project | 1 Bycms | 2021-08-25 | 3.5 LOW | 4.8 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php. | |||||
CVE-2021-20792 | 1 Expresstech | 1 Quiz And Survey Master | 2021-08-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Quiz And Survey Master versions prior to 7.1.14 allows a remote attacker to inject arbitrary script via unspecified vectors. | |||||
CVE-2021-37710 | 1 Shopware | 1 Shopware | 2021-08-24 | 3.5 LOW | 5.4 MEDIUM |
Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. | |||||
CVE-2021-38583 | 1 Openbaraza | 1 Openbaraza Human Capital Management | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and hr/index.jsp (with view= and data=). | |||||
CVE-2021-29313 | 1 Seacms | 1 Seacms | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php. | |||||
CVE-2021-34656 | 1 Videowhisper | 1 2way Videocalls And Random Chat | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `vws_notice` function found in the ~/inc/requirements.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.2.7. | |||||
CVE-2021-34653 | 1 Wp Fountain Project | 1 Wp Fountain | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/wp-fountain.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.9. | |||||
CVE-2021-34654 | 1 Custom Post Type Relations Project | 1 Custom Post Type Relations | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The Custom Post Type Relations WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the cptr[name] parameter found in the ~/pages/admin-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | |||||
CVE-2021-34655 | 1 Wp Songbook Project | 1 Wp Songbook | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the url parameter found in the ~/inc/class.ajax.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.11. | |||||
CVE-2021-34663 | 1 Arvtard | 1 Jquery Tagline Rotator | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The jQuery Tagline Rotator WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/jquery-tagline-rotator.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.5. | |||||
CVE-2021-34664 | 1 Moova | 1 Moova For Woocommerce | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The Moova for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the lat parameter in the ~/Checkout/Checkout.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5. | |||||
CVE-2021-38710 | 1 Yclas | 1 Yclas | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Static (Persistent) XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITE_NAME parameter. | |||||
CVE-2020-28146 | 1 Eyoucms | 1 Eyoucms | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in Eyoucms v1.4.7 and earlier via the addonfieldext parameter. | |||||
CVE-2021-39286 | 1 Webrecorder | 1 Pywb | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped. | |||||
CVE-2021-34665 | 1 Wp Seo Tags Project | 1 Wp Seo Tags | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP SEO Tags WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the saq_txt_the_filter parameter in the ~/wp-seo-tags.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2.7. | |||||
CVE-2021-34666 | 1 Add Sidebar Project | 1 Add Sidebar | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The Add Sidebar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the add parameter in the ~/wp_sidebarMenu.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.0. | |||||
CVE-2021-29056 | 1 Pixelimity | 1 Pixelimity | 2021-08-24 | 3.5 LOW | 4.8 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php. | |||||
CVE-2021-20774 | 1 Cybozu | 1 Garoon | 2021-08-24 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
CVE-2021-20770 | 1 Cybozu | 1 Garoon | 2021-08-24 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. |