Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2014-5108 | 2 Concrete5, Concretecms | 2 Concrete5, Concrete Cms | 2021-07-15 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to index.php/download_file.
CVE-2011-3183 | 1 Concretecms | 1 Concrete Cms | 2021-07-15 | 4.3 MEDIUM | 6.1 MEDIUM | A Cross-Site Scripting (XSS) vulnerability exists in the rcID parameter in Concrete CMS 5.4.1.1 and earlier.
CVE-2021-36214 | 1 Linecorp | 1 Line | 2021-07-15 | 4.3 MEDIUM | 6.1 MEDIUM | LINE client for iOS before 10.16.3 allows cross site script with specific header in WebView.
CVE-2020-26153 | 1 Eventespresso | 1 Event Espresso | 2021-07-15 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in wp-content/plugins/event-espresso-core-reg/admin_pages/messages/templates/ee_msg_admin_overview.template.php in the Event Espresso Core plugin before 4.10.7.p for WordPress allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2021-24454 | 1 Yop-poll | 1 Yop Poll | 2021-07-15 | 4.3 MEDIUM | 6.1 MEDIUM | In the YOP Poll WordPress plugin before 6.2.8, when a poll is created with the options "Allow other answers", "Display other answers in the result list" and "Show results", it can lead to Stored Cross-Site Scripting issues as the 'Other' answer is not sanitised before being output in the page. The execution of the XSS payload depends on the 'Show results' option selected, which could be before or after sending the vote for example.
CVE-2020-25879 | 1 Codologic | 1 Codoforum | 2021-07-15 | 3.5 LOW | 5.4 MEDIUM | A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter.
CVE-2020-25878 | 1 Blackcat-cms | 1 Blackcat Cms | 2021-07-15 | 3.5 LOW | 4.8 MEDIUM | A stored cross site scripting (XSS) vulnerability in the 'Admin-Tools' feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the 'Output Filters' and 'Droplets' modules.
CVE-2021-24440 | 1 Fetchdesigns | 1 Sign-up Sheets | 2021-07-15 | 3.5 LOW | 4.8 MEDIUM | The Sign-up Sheets WordPress plugin before 1.0.14 did not sanitise or escape some of its fields when creating a new sheet, allowing high privilege users to add JavaScript in them, leading to a Stored Cross-Site Scripting issue. The payloads will be triggered when viewing the 'All Sheets' page in the admin dashboard.
CVE-2021-24439 | 1 Prothemedesign | 1 Browser Screenshots | 2021-07-15 | 3.5 LOW | 5.4 MEDIUM | The Browser Screenshots WordPress plugin before 1.7.6 allowed authenticated users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks as the image_class parameter of the browser-shot shortcode was not escaped.
CVE-2021-24429 | 1 Salonbookingsystem | 1 Salon Booking System | 2021-07-15 | 4.3 MEDIUM | 6.1 MEDIUM | The Salon booking system WordPress plugin before 6.3.1 does not properly sanitise and escape the First Name field when booking an appointment, allowing low privilege users such as subscriber to set JavaScript in them, leading to a Stored Cross-Site Scripting (XSS) vulnerability. The payload will then be triggered when an admin visits the "Calendar" page and the malicious script is executed in the admin context.
CVE-2021-29712 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2021-07-15 | 4.3 MEDIUM | 6.1 MEDIUM | IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 200966.
CVE-2021-24427 | 1 Boldgrid | 1 W3 Total Cache | 2021-07-15 | 3.5 LOW | 4.8 MEDIUM | The W3 Total Cache WordPress plugin before 2.1.3 did not sanitise or escape some of its CDN settings, allowing high privilege users to use JavaScript in them, which will be output in the page, leading to an authenticated Stored Cross-Site Scripting issue.
CVE-2021-24424 | 1 Webfactoryltd | 1 Wp Reset | 2021-07-15 | 3.5 LOW | 5.4 MEDIUM | The WP Reset – Most Advanced WordPress Reset Tool WordPress plugin before 1.90 did not sanitise or escape its extra_data parameter when creating a snapshot via the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue.
CVE-2021-24421 | 1 Eyecix | 1 Jobsearch Wp Job Board | 2021-07-15 | 3.5 LOW | 5.4 MEDIUM | The WP JobSearch WordPress plugin before 1.7.4 did not sanitise or escape multiple of its parameters from the my-resume page before outputting them in the page, allowing low privilege users to use JavaScript payloads in them and leading to a Stored Cross-Site Scripting issue.
CVE-2021-24419 | 1 Wp Youtube Lyte Project | 1 Wp Youtube Lyte | 2021-07-15 | 3.5 LOW | 4.8 MEDIUM | The WP YouTube Lyte WordPress plugin before 1.7.16 did not sanitise or escape its lyte_yt_api_key and lyte_notification settings before outputting them back in the page, allowing high privilege users to set XSS payload on them and leading to stored Cross-Site Scripting issues.
CVE-2021-29804 | 1 Ibm | 1 Tivoli Netcool/omnibus Gui | 2021-07-15 | 3.5 LOW | 5.4 MEDIUM | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204262.
CVE-2021-24418 | 1 Smooth Scroll Page Up/down Buttons Project | 1 Smooth Scroll Page Up/down Buttons | 2021-07-15 | 3.5 LOW | 4.8 MEDIUM | The Smooth Scroll Page Up/Down Buttons WordPress plugin through 1.4 does not properly sanitise and validate its psb_positioning settings, allowing high privilege users such as admin to set an XSS payload in it, which will be executed in all pages of the blog.
CVE-2021-29805 | 1 Ibm | 1 Tivoli Netcool/omnibus Gui | 2021-07-15 | 3.5 LOW | 5.4 MEDIUM | IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204263.
CVE-2021-24409 | 1 Plugin-planet | 1 Prismatic | 2021-07-15 | 4.3 MEDIUM | 6.1 MEDIUM | The Prismatic WordPress plugin before 2.8 does not escape the 'tab' GET parameter before outputting it back in an attribute, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator.
CVE-2021-24408 | 1 Plugin-planet | 1 Prismatic | 2021-07-15 | 3.5 LOW | 5.4 MEDIUM | The Prismatic WordPress plugin before 2.8 does not sanitise or validate some of its shortcode parameters, allowing users with a role as low as Contributor to set Cross-Site payload in them. A post made by a contributor would still have to be approved by an admin to have the XSS triggerable in the frontend; however, higher privilege users, such as editor, could exploit this without the need of approval, and even when the blog disallows the unfiltered_html capability.