Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2021-33512 | 1 Plone | 1 Plone | 2021-05-24 | 3.5 LOW | 5.4 MEDIUM | Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document. |
CVE-2021-33508 | 1 Plone | 1 Plone | 2021-05-24 | 3.5 LOW | 5.4 MEDIUM | Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item. |
CVE-2021-24323 | 1 Woocommerce | 1 Woocommerce | 2021-05-24 | 3.5 LOW | 4.8 MEDIUM | When taxes are enabled, the "Additional tax classes" field was not properly sanitised or escaped before being output back in the admin dashboard, allowing high-privilege users such as admins to use XSS payloads even when the unfiltered_html capability is disabled. |
CVE-2021-24290 | 1 De-baat | 1 Store Locator Plus | 2021-05-24 | 4.3 MEDIUM | 6.1 MEDIUM | Several endpoints in the Store Locator Plus for WordPress plugin through 5.5.15 could allow unauthenticated attackers to inject malicious JavaScript into pages. |
CVE-2020-24993 | 1 Cmswing | 1 Cmswing | 2021-05-24 | 3.5 LOW | 5.4 MEDIUM | Stored cross-site scripting vulnerability in CmsWing 1.3.7, triggered when visitors access the article module. |
CVE-2021-24327 | 1 Clogica | 1 Seo Redirection Plugin | 2021-05-24 | 3.5 LOW | 4.8 MEDIUM | The SEO Redirection Plugin – 301 Redirect Manager WordPress plugin before 6.4 did not sanitise the Redirect From and Redirect To fields when creating a new redirect in the dashboard, allowing high-privilege users (even with the unfiltered_html capability disabled) to set XSS payloads. |
CVE-2019-10062 | 1 Bluespire | 1 Aurelia Framework | 2021-05-24 | 4.3 MEDIUM | 6.1 MEDIUM | The HTMLSanitizer class in html-sanitizer.ts in all released versions of the Aurelia framework 1.x repository is vulnerable to XSS. The sanitizer only attempts to filter SCRIPT elements, which makes it feasible for remote attackers to conduct XSS attacks via (for example) JavaScript code in an attribute of various other elements. An attacker might also exploit a bug in how the SCRIPT string is processed, for example by splitting and nesting SCRIPT tags. |
CVE-2021-24326 | 1 Clogica | 1 All 404 Redirect To Homepage | 2021-05-24 | 3.5 LOW | 5.4 MEDIUM | The tab parameter of the settings page of the All 404 Redirect to Homepage WordPress plugin before 1.21 was vulnerable to an authenticated reflected cross-site scripting (XSS) issue, as user input was not properly sanitised before being output in an attribute. |
CVE-2021-24325 | 1 Clogica | 1 Seo Redirection Plugin | 2021-05-24 | 4.3 MEDIUM | 6.1 MEDIUM | The tab parameter of the settings page of the 404 SEO Redirection WordPress plugin through 1.3 is vulnerable to a reflected cross-site scripting (XSS) issue, as user input is not properly sanitised or escaped before being output in an attribute. |
CVE-2020-19924 | 1 Issuehunt | 1 Boostnote | 2021-05-24 | 3.5 LOW | 5.4 MEDIUM | In Boostnote 0.12.1, exporting to PDF contains opportunities for XSS attacks. |
CVE-2020-29205 | 1 Projectworlds | 1 Travel Management System | 2021-05-24 | 4.3 MEDIUM | 6.1 MEDIUM | XSS in the signup form in Project Worlds Online Examination System 1.0 allows a remote attacker to inject arbitrary code via the name field. |
CVE-2020-18194 | 1 Emlog | 1 Emlog | 2021-05-24 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting (XSS) in emlog v6.0.0 allows remote attackers to execute arbitrary code by adding a crafted script as a link to a new blog post. |
CVE-2020-24992 | 1 Cmswing | 1 Cmswing | 2021-05-24 | 3.5 LOW | 5.4 MEDIUM | Stored cross-site scripting vulnerability in CmsWing 1.3.7, triggered when an administrator accesses the content management module. |
CVE-2021-24291 | 1 10web | 1 Photo Gallery | 2021-05-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.69 was vulnerable to reflected cross-site scripting (XSS) issues via the gallery_id, tag, album_id and _id GET parameters passed to the bwg_frontend_data AJAX action (available to both unauthenticated and authenticated users). |
CVE-2021-24277 | 1 Wpuslugi | 1 Rss For Yandex Turbo | 2021-05-21 | 3.5 LOW | 5.4 MEDIUM | The RSS for Yandex Turbo WordPress plugin before 1.30 did not properly sanitise the user inputs from its Счетчики (Counters) settings tab before outputting them back in the page, leading to authenticated stored cross-site scripting issues. |
CVE-2021-24283 | 1 Pickplugins | 1 Accordion | 2021-05-21 | 3.5 LOW | 5.4 MEDIUM | The tab GET parameter of the Accordion plugin's settings page is not sanitised or escaped when being output back in an HTML attribute, leading to a reflected XSS issue. |
CVE-2021-32573 | 1 Express-cart Project | 1 Express-cart | 2021-05-21 | 3.5 LOW | 4.8 MEDIUM | ** DISPUTED ** The express-cart package through 1.1.10 for Node.js allows reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website." |
CVE-2021-24271 | 1 Brainstormforce | 1 Ultimate Addons For Elementor | 2021-05-21 | 3.5 LOW | 5.4 MEDIUM | The "Ultimate Addons for Elementor" WordPress plugin before 1.30.0 has several widgets that are vulnerable to stored cross-site scripting (XSS) by lower-privileged users such as contributors, all via a similar method. |
CVE-2020-18167 | 1 Laobancms | 1 Laobancms | 2021-05-21 | 3.5 LOW | 4.8 MEDIUM | Cross-site scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting a crafted payload into the "Homepage Introduction" field of the component "admin/info.php?shuyu". |
CVE-2020-23689 | 1 Yfcmf | 1 Yfcmf | 2021-05-21 | 3.5 LOW | 4.8 MEDIUM | In YFCMF v2.3.1, there is a stored XSS vulnerability in the comments section of the news page. |
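Two patterns recur in the entries above: the Aurelia entry (CVE-2019-10062) describes a sanitizer that only strips SCRIPT elements and is bypassed by JavaScript in attributes of other elements or by split/nested SCRIPT tags, and several WordPress entries (the "tab" parameter issues) describe a request parameter echoed into an HTML attribute without escaping. The following is an added example and is not code from Aurelia, from any plugin listed here, or from this listing. It models the blocklist approach with a commonly used "strip the whole script element" regex (an assumption chosen for illustration, not Aurelia's actual implementation), shows the two bypass classes the entry names, and contrasts both with contextual output escaping. The `renderTabLinkUnsafe`/`renderTabLinkSafe` helpers, the `attributeNames` mini-parser, and the `payloads` are constructed for this example.

```javascript
// Added example: blocklist "sanitizer" vs. contextual output escaping.
// Not Aurelia's code and not any listed plugin's code; the regex below is a
// common strip-script pattern used here as an assumption for illustration.
const SCRIPT_ELEMENT = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/gi;

// Blocklist approach: remove <script>...</script> elements, keep everything else.
function naiveSanitize(html) {
  return html.replace(SCRIPT_ELEMENT, '');
}

// Contextual output encoding for HTML text nodes and quoted attribute values:
// every character that can start a tag, attribute or quote is encoded, so the
// browser never parses attacker input as markup.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(text).replace(/[&<>"']/g, (c) => map[c]);
}

// Hypothetical settings-page link that reflects a "tab" query parameter into
// an attribute, the situation the WordPress entries describe. Unsafe variant
// concatenates raw input; safe variant escapes it for a quoted attribute.
function renderTabLinkUnsafe(tab) {
  return `<a href="?tab=${tab}">Settings</a>`;
}
function renderTabLinkSafe(tab) {
  return `<a href="?tab=${escapeHtml(tab)}">Settings</a>`;
}

// Minimal start-tag attribute lister, written for this example: walks the
// first tag of `html` and returns the attribute names a browser would see,
// treating quoted values as single units. Handles only simple quoted and
// unquoted attribute forms, which is all this example needs.
function attributeNames(html) {
  const open = /^<[a-zA-Z][^\s>/]*/.exec(html);
  if (!open) return [];
  const ws = (c) => c === ' ' || c === '\t' || c === '\n' || c === '\r';
  const names = [];
  let i = open[0].length;
  while (i < html.length && html[i] !== '>') {
    while (i < html.length && ws(html[i])) i++;
    if (html[i] === '/') { i++; continue; }
    let name = '';
    while (i < html.length && !ws(html[i]) && html[i] !== '=' && html[i] !== '>' && html[i] !== '/') {
      name += html[i++];
    }
    if (name) names.push(name.toLowerCase());
    while (i < html.length && ws(html[i])) i++;
    if (html[i] === '=') {
      i++;
      while (i < html.length && ws(html[i])) i++;
      const q = html[i];
      if (q === '"' || q === "'") {
        const end = html.indexOf(q, i + 1);
        i = end === -1 ? html.length : end + 1;
      } else {
        while (i < html.length && !ws(html[i]) && html[i] !== '>') i++;
      }
    }
  }
  return names;
}

// Does the string still carry executable markup: a script element, or an
// on* event-handler attribute on its first tag?
function isActive(html) {
  return /<script\b/i.test(html) || attributeNames(html).some((n) => n.startsWith('on'));
}

// Constructed attacker inputs (not taken from any advisory).
const payloads = {
  scriptTag: '<script>alert(1)</script>',
  // JavaScript in an attribute of another element: there is no <script> to strip.
  eventAttr: '<img src=x onerror="alert(1)">',
  // Split/nested SCRIPT: each inner <script></script> is removed and the
  // surrounding fragments reassemble into a real script element.
  nestedSplit: '<scr<script></script>ipt>alert(1)</scr<script></script>ipt>',
  // Breaks out of a quoted attribute: the reflected "tab" parameter case.
  attrBreakout: '" onmouseover="alert(1)',
};

// Summarise what each approach leaves behind for every payload.
function demo() {
  const rows = Object.entries(payloads).map(([name, p]) => ({
    name,
    afterNaiveSanitize: naiveSanitize(p),
    naiveStillActive: isActive(naiveSanitize(p)),
    afterEscape: escapeHtml(p),
  }));
  rows.push({ name: 'tabUnsafe', out: renderTabLinkUnsafe(payloads.attrBreakout),
              attrs: attributeNames(renderTabLinkUnsafe(payloads.attrBreakout)) });
  rows.push({ name: 'tabSafe', out: renderTabLinkSafe(payloads.attrBreakout),
              attrs: attributeNames(renderTabLinkSafe(payloads.attrBreakout)) });
  return rows;
}

console.log(JSON.stringify(demo(), null, 2));
```

Run it with `node`. The takeaway is the one the Aurelia entry implies: removing known-bad elements leaves every other vector open (event-handler attributes, reassembled tags), whereas encoding output for its context, or using an allowlist sanitizer built on a real HTML parser, does not depend on enumerating bad input. Two caveats a practitioner should keep in mind: `escapeHtml` is only sufficient inside an attribute when that attribute is quoted, and it does nothing for URL (`javascript:`) or inline-script contexts, which need their own encoders.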