Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-23962 | 1 Catfish-cms | 1 Catfish Cms | 2021-06-28 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross site scripting (XSS) vulnerability in Catfish CMS 4.9.90 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "announcement_gonggao" parameter. | |||||
CVE-2020-18659 | 1 Get-simple | 1 Getsimplecms | 2021-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting vulnerability in GetSimpleCMS <=3.3.15 via the (1) sitename, (2) username, and (3) email parameters to /admin/setup.php | |||||
CVE-2020-18658 | 1 Get-simple | 1 Getsimplecms | 2021-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS <=3.3.15 via the timezone parameter to settings.php. | |||||
CVE-2020-20389 | 1 Get-simple | 1 Getsimplecms | 2021-06-25 | 3.5 LOW | 4.8 MEDIUM |
Cross Site Scripting (XSS) vulnerability in GetSimpleCMS 3.4.0a in admin/edit.php. | |||||
CVE-2021-28977 | 1 Get-simple | 1 Getsimplecms | 2021-06-25 | 3.5 LOW | 4.8 MEDIUM |
Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files, | |||||
CVE-2020-20391 | 1 Get-simple | 1 Getsimplecms | 2021-06-25 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting vulnerability in GetSimpleCMS 3.4.0a in admin/snippets.php via (1) Add Snippet and (2) Save snippets. | |||||
CVE-2010-4264 | 1 Vanillaforums | 1 Vanilla Forums | 2021-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting vulnerability was found in Vanilla Forums before 2.0.10 where a filename could contain arbitrary code to execute on the client side. | |||||
CVE-2021-24369 | 1 Ayecode | 1 Getpaid | 2021-06-25 | 3.5 LOW | 5.4 MEDIUM |
In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized properly. So it was possible to inject malicious content such as img tags, leading to a Stored Cross-Site Scripting issue which is triggered when the form is edited, for example when an admin reviews it, and could lead to privilege escalation. | |||||
CVE-2021-34243 | 1 Icehrm | 1 Icehrm | 2021-06-25 | 3.5 LOW | 5.4 MEDIUM |
A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file. | |||||
CVE-2021-35045 | 1 Icehrm | 1 Icehrm | 2021-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS allows attackers to execute arbitrary code via the parameters to the /app/ endpoint. | |||||
CVE-2021-24378 | 1 Autoptimize | 1 Autoptimize | 2021-06-25 | 3.5 LOW | 4.8 MEDIUM |
The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. As a result, it is possible for a high privilege user to upload a malicious file containing JavaScript code inside an archive which will execute when a victim visits index.html inside the plugin directory. | |||||
CVE-2021-24373 | 1 Getastra | 1 Wp Hardening | 2021-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a reflected Cross-Site Scripting issue. | |||||
CVE-2021-24372 | 1 Getastra | 1 Wp Hardening | 2021-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue. | |||||
CVE-2021-24367 | 1 Wp Config File Editor Project | 1 Wp Config File Editor | 2021-06-25 | 3.5 LOW | 5.4 MEDIUM |
The WP Config File Editor WordPress plugin through 1.7.1 was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2021-24366 | 1 Admincolumns | 1 Admin Columns | 2021-06-25 | 3.5 LOW | 5.4 MEDIUM |
The Admin Columns Free WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1 rendered input on the posted pages with improper input validation on the value passed into the field 'Label' parameter. By taking advantage of this, an authenticated attacker can supply a crafted arbitrary script and execute it. | |||||
CVE-2021-24364 | 1 Tielabs | 1 Jannah | 2021-06-25 | 4.3 MEDIUM | 6.1 MEDIUM |
The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected Cross-Site Scripting (XSS) vulnerability. | |||||
CVE-2021-24383 | 1 Codecabin | 1 Wp Google Maps | 2021-06-24 | 3.5 LOW | 5.4 MEDIUM |
The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate or escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue. | |||||
CVE-2021-24368 | 1 Expresstech | 1 Quiz And Survey Master | 2021-06-24 | 4.3 MEDIUM | 6.1 MEDIUM |
The Quiz And Survey Master – Best Quiz, Exam and Survey Plugin WordPress plugin before 7.1.18 did not sanitise or escape its result_id parameter when displaying an existing quiz result page, leading to a reflected Cross-Site Scripting issue. This could allow for privilege escalation by inducing a logged in admin to open a malicious link. | |||||
CVE-2021-35438 | 1 Phpipam | 1 Phpipam | 2021-06-24 | 4.3 MEDIUM | 6.1 MEDIUM |
phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator. | |||||
CVE-2021-24339 | 1 Podsfoundation | 1 Pods | 2021-06-24 | 3.5 LOW | 5.4 MEDIUM |
The Pods – Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Menu Label' field parameter. |