Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-20769 | 1 Cybozu | 1 Garoon | 2021-08-24 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
CVE-2021-20766 | 1 Cybozu | 1 Garoon | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
CVE-2021-20767 | 1 Cybozu | 1 Garoon | 2021-08-24 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
CVE-2021-20765 | 1 Cybozu | 1 Garoon | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
CVE-2021-20753 | 1 Cybozu | 1 Garoon | 2021-08-24 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
CVE-2021-22936 | 1 Pulsesecure | 1 Pulse Connect Secure | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in Pulse Connect Secure before 9.1R12 could allow a threat actor to perform a cross-site script attack against an authenticated administrator via an unsanitized web parameter. | |||||
CVE-2021-39268 | 1 Salesagility | 1 Suitecrm | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_file_output protection mechanism can be bypassed. | |||||
CVE-2021-39267 | 1 Salesagility | 1 Suitecrm | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allow JavaScript execution (such as text/xml) are not blocked. | |||||
CVE-2020-23341 | 1 Atutor | 1 Atutor | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross site scripting (XSS) vulnerability in the /header.tmpl.php component of ATutor 2.2.4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2021-38709 | 1 Compo | 1 Composr Cms | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS. | |||||
CVE-2021-38315 | 1 Smartypantsplugins | 1 Sp Project & Document Manager | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25. | |||||
CVE-2021-34667 | 1 Calendar Plugin Project | 1 Calendar Plugin | 2021-08-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The Calendar_plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of `$_SERVER['PHP_SELF']` in the ~/calendar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | |||||
CVE-2021-34657 | 1 Typofr Project | 1 Typofr | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
The 2TypoFR WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the text function found in the ~/vendor/Org_Heigl/Hyphenator/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.11. | |||||
CVE-2021-34658 | 1 Keszites | 1 Simple Popup Newsletter | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
The Simple Popup Newsletter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/simple-popup-newsletter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.7. | |||||
CVE-2021-34659 | 1 Sizmic | 1 Plugmatter Pricing Table | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
The Plugmatter Pricing Table Lite WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `email` parameter in the ~/license.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.32. | |||||
CVE-2021-38619 | 1 Openbaraza | 1 Openbaraza Human Capital Management | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and hr/index.jsp (with view=). | |||||
CVE-2021-34641 | 1 Seopress | 1 Seopress | 2021-08-23 | 3.5 LOW | 5.4 MEDIUM |
The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the ~/src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts, in versions 5.0.0 - 5.0.3. | |||||
CVE-2021-34642 | 1 Followistic | 1 Smart Email Alerts | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the api_key in the ~/views/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.10. | |||||
CVE-2021-34643 | 1 Skaut-bazar Project | 1 Skaut-bazar | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2. | |||||
CVE-2021-34644 | 1 Multiplayer-plugin Project | 1 Multiplayer-plugin | 2021-08-23 | 4.3 MEDIUM | 6.1 MEDIUM |
The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/multiplayergames.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.7. |