Total: 21765 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2020-20584 | 1 Baigo | 1 Baigo Cms | 2021-07-12 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting vulnerability in baigo CMS v4.0-beta-1 allows attackers to execute arbitrary web scripts or HTML via the form parameter posted to /public/console/profile/info-submit/.
CVE-2020-23700 | 1 Lavalite | 1 Lavalite | 2021-07-12 | 3.5 LOW | 4.8 MEDIUM | Cross-Site Scripting (XSS) vulnerability in LavaLite-CMS 5.8.0 via the Menu Links feature.
CVE-2021-22227 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected cross-site scripting vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it.
CVE-2021-35451 | 1 Teradici | 1 Pcoip Management Console | 2021-07-09 | 4.3 MEDIUM | 6.1 MEDIUM | In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into a user's browser via the web application.
CVE-2020-24145 | 1 Cminds | 1 Cm Download Manager | 2021-07-09 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-Site Scripting (XSS) vulnerability in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via a crafted deletescreenshot action.
CVE-2020-25925 | 1 Icewarp | 1 Webclient | 2021-07-09 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-Site Scripting (XSS) in the Webmail Calendar in IceWarp WebClient 10.3.5 allows remote attackers to inject arbitrary web script or HTML via the "p4" field.
CVE-2021-22225 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 3.5 LOW | 5.4 MEDIUM | Insufficient input sanitization in Markdown rendering in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via specially crafted Markdown.
CVE-2021-24494 | 1 Deliciousbrains | 1 Wp Offload Ses Lite | 2021-07-09 | 3.5 LOW | 5.4 MEDIUM | The WP Offload SES Lite WordPress plugin before 1.4.5 did not escape some of the fields in the Activity page of the admin dashboard, such as the email's id, subject and recipient, which could lead to Stored Cross-Site Scripting issues when an attacker can control any of these fields, for example the subject submitted through a contact form. The XSS will be executed in the context of a logged-in admin viewing the Activity tab of the plugin.
CVE-2021-27930 | 1 Irislink | 1 Irisnext | 2021-07-09 | 3.5 LOW | 5.4 MEDIUM | Multiple stored XSS vulnerabilities in IrisNext Edition 9.5.16 allow an authenticated (or compromised) user to inject malicious JavaScript into a folder or file name within the application in order to grab other users' sessions or execute malicious code in their browsers (1-click RCE).
CVE-2021-35207 | 1 Zimbra | 1 Collaboration | 2021-07-09 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login URL.
CVE-2021-32737 | 1 Sulu | 1 Sulu | 2021-07-09 | 3.5 LOW | 4.8 MEDIUM | Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged-in admin user to add a script injection (cross-site scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating.
CVE-2021-24389 | 1 Chimpgroup | 1 Foodbakery | 2021-07-09 | 4.3 MEDIUM | 6.1 MEDIUM | The WP Foodbakery WordPress plugin before 2.2, used in the FoodBakery WordPress theme before 2.2, did not properly sanitize the foodbakery_radius parameter before outputting it back in the response, leading to an unauthenticated Reflected Cross-Site Scripting (XSS) vulnerability.
CVE-2021-24387 | 1 Contempothemes | 1 Real Estate 7 | 2021-07-09 | 4.3 MEDIUM | 6.1 MEDIUM | The WP Pro Real Estate 7 WordPress theme before 3.1.1 did not properly sanitise the ct_community parameter in its search listing page before outputting it back in it, leading to a reflected Cross-Site Scripting vulnerability which can be triggered in both unauthenticated and authenticated user contexts.
CVE-2021-22223 | 1 Gitlab | 1 Gitlab | 2021-07-09 | 4.3 MEDIUM | 6.1 MEDIUM | Client-side code injection through the Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to issue PUT requests on behalf of other users when they click a link.
CVE-2021-24386 | 1 Kubiq | 1 Wp Svg Images | 2021-07-09 | 3.5 LOW | 5.4 MEDIUM | The WP SVG images WordPress plugin before 3.4 did not sanitise the SVG files uploaded, which could allow low-privilege users such as author+ to upload a malicious SVG and then perform XSS attacks by inducing another user to access the file directly. In v3.4, the plugin restricted such uploads to editors and admins, with an option to also allow authors to do so. The description of the plugin has also been updated with a security warning, as upload of such content is intended.
CVE-2021-34625 | 1 Wp-upload-restriction Project | 1 Wp-upload-restriction | 2021-07-08 | 3.5 LOW | 5.4 MEDIUM | A vulnerability in the saveCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to inject arbitrary web scripts. This issue affects versions 2.2.3 and prior.
CVE-2021-36212 | 1 Misp | 1 Misp | 2021-07-08 | 4.3 MEDIUM | 6.1 MEDIUM | app/View/SharingGroups/view.ctp in MISP before 2.4.146 allows stored XSS in the sharing groups view.
CVE-2021-34190 | 1 Issabel | 1 Pbx | 2021-07-08 | 3.5 LOW | 4.8 MEDIUM | A stored cross-site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module.
CVE-2020-23697 | 1 Monstra | 1 Monstra Cms | 2021-07-08 | 3.5 LOW | 5.4 MEDIUM | Cross-Site Scripting vulnerability in Monstra CMS 3.0.4 via the page feature in admin/index.php.
CVE-2021-33192 | 1 Apache | 1 Jena Fuseki | 2021-07-08 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary JavaScript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive).
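Two patterns recur in the entries above: a request parameter echoed back into HTML without escaping (the foodbakery_radius, ct_community and loginErrorCode entries), and an uploaded SVG that carries script and is later opened directly by another user (the WP SVG images entry). The following is an added example, not code from any of the products listed in this table, showing the generic fix for each: escaping at the HTML sink, and screening SVG uploads for active content plus serving them with headers that prevent inline script execution. All function names, the regular-expression list and the sample inputs are this example's own assumptions and are constructed, not taken from any advisory.

```javascript
// Added example (not code from any product in the table above). Runs on
// Node.js with no third-party modules. All names are illustrative assumptions.

// ---- 1. Reflected XSS: a query parameter echoed into HTML ----

// Minimal HTML escaping for text and double/single-quoted attribute values.
// Not sufficient on its own for JavaScript, URL or CSS contexts.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
  })[ch]);
}

// "Before": a hypothetical search page echoes the parameter verbatim,
// the shape of bug described for the reflected-XSS entries above.
function renderSearchVulnerable(radius) {
  return `<p>Results within ${radius} km</p>`;
}

// "After": the same output with the parameter escaped at the HTML sink.
function renderSearchFixed(radius) {
  return `<p>Results within ${escapeHtml(radius)} km</p>`;
}

// ---- 2. SVG uploads carrying script ----

// Textual screen for active content in an SVG: script elements, on* event
// handler attributes, javascript: URLs in href/xlink:href, foreignObject
// (which can embed HTML) and embedded documents. A hit means "reject, or
// store and serve only as an attachment". A miss is NOT proof of safety:
// this is a regex screen, not an XML parse, so treat it as defence in depth
// behind the response headers below. (Constructed pattern list.)
const SVG_ACTIVE_PATTERNS = [
  /<\s*script\b/i,
  /\son[a-z]+\s*=/i,
  /(?:xlink:)?href\s*=\s*["']?\s*javascript:/i,
  /<\s*foreignObject\b/i,
  /<\s*(?:iframe|embed|object)\b/i,
];

function svgHasActiveContent(svgText) {
  return SVG_ACTIVE_PATTERNS.some((re) => re.test(svgText));
}

// Response headers that neutralise script in an SVG even if the screen
// misses something: force download instead of inline rendering, stop MIME
// sniffing, and sandbox the document if a browser renders it anyway.
// The filename is reduced to a safe character set before being quoted.
function safeSvgResponseHeaders(filename) {
  const safeName = filename.replace(/[^\w.-]/g, '_');
  return {
    'Content-Type': 'image/svg+xml',
    'Content-Disposition': `attachment; filename="${safeName}"`,
    'X-Content-Type-Options': 'nosniff',
    'Content-Security-Policy': "sandbox; default-src 'none'; style-src 'unsafe-inline'",
  };
}

// Constructed sample inputs for a stand-alone run.
const REFLECTED_PAYLOAD = '10"><script>alert(document.cookie)</script>';
const BENIGN_SVG = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/></svg>';
const MALICIOUS_SVG =
  '<svg xmlns="http://www.w3.org/2000/svg" onload="alert(1)"><circle r="4"/></svg>';

console.log('vulnerable:', renderSearchVulnerable(REFLECTED_PAYLOAD));
console.log('fixed:     ', renderSearchFixed(REFLECTED_PAYLOAD));
console.log('benign svg active?   ', svgHasActiveContent(BENIGN_SVG));
console.log('malicious svg active?', svgHasActiveContent(MALICIOUS_SVG));
console.log(safeSvgResponseHeaders('../logo.svg'));
```

The escaping helper is deliberately context-specific: a parameter reflected inside a `<script>` block, an `href`, or an inline style needs a different encoder, which is why the reflected-XSS entries above are fixed at the output sink rather than by input filtering. For SVG, the headers are the load-bearing control; the regex screen only reduces how often a malicious file is stored at all.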