Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-6578 | 1 Zen-cart | 1 Zen Cart | 2021-03-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Zen Cart 1.5.6d allows reflected XSS via the main_page parameter to includes/templates/template_default/common/tpl_main_page.php or includes/templates/responsive_classic/common/tpl_main_page.php. | |||||
CVE-2021-29025 | 1 Bitweaver | 1 Bitweaver | 2021-03-24 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/my_images.php URI. | |||||
CVE-2021-24136 | 1 Axelerant | 1 Testimonials Widget | 2021-03-24 | 3.5 LOW | 5.4 MEDIUM |
Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the following parameters: Author, Job Title, Location, Company, Email, URL. | |||||
CVE-2021-24126 | 1 Enviragallery | 1 Envira Gallery | 2021-03-24 | 3.5 LOW | 5.4 MEDIUM |
Due to unvalidated input and lack of output encoding, the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the image metadata (namely the title) before outputting it in the generated gallery, which could lead to privilege escalation. | |||||
CVE-2021-27310 | 1 Csphere | 1 Clansphere | 2021-03-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter. | |||||
CVE-2021-27309 | 1 Csphere | 1 Clansphere | 2021-03-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter. | |||||
CVE-2021-25922 | 1 Open-emr | 1 Openemr | 2021-03-24 | 4.3 MEDIUM | 6.1 MEDIUM |
In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user into clicking on a malicious URL and execute malicious code. | |||||
CVE-2021-25919 | 1 Open-emr | 1 Openemr | 2021-03-24 | 3.5 LOW | 4.8 MEDIUM |
In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. | |||||
CVE-2021-25921 | 1 Open-emr | 1 Openemr | 2021-03-24 | 3.5 LOW | 5.4 MEDIUM |
In OpenEMR, versions 2.7.3-rc1 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly in the `Allergies` section. An attacker could lure an admin into entering a malicious payload and thereby initiate the exploit. | |||||
CVE-2021-28968 | 1 Gnu | 1 Punbb | 2021-03-24 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message. | |||||
CVE-2021-24129 | 1 Themify | 1 Portfolio Post | 2021-03-24 | 3.5 LOW | 5.4 MEDIUM |
Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation. | |||||
CVE-2021-24134 | 1 Constantcontact | 1 Constant Contact Forms | 2021-03-24 | 3.5 LOW | 4.8 MEDIUM |
Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-privileged users (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embedded. | |||||
CVE-2021-24135 | 1 Gowebsolutions | 1 Wp Customer Reviews | 2021-03-24 | 4.3 MEDIUM | 6.1 MEDIUM |
Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers to inject arbitrary JavaScript code or HTML. | |||||
CVE-2021-29031 | 1 Bitweaver | 1 Bitweaver | 2021-03-24 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/users_import.php URI. | |||||
CVE-2021-29032 | 1 Bitweaver | 1 Bitweaver | 2021-03-24 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI. | |||||
CVE-2021-29033 | 1 Bitweaver | 1 Bitweaver | 2021-03-24 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/edit_group.php URI. | |||||
CVE-2021-29030 | 1 Bitweaver | 1 Bitweaver | 2021-03-24 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI. | |||||
CVE-2021-29029 | 1 Bitweaver | 1 Bitweaver | 2021-03-24 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI. | |||||
CVE-2021-29026 | 1 Bitweaver | 1 Bitweaver | 2021-03-24 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI. | |||||
CVE-2021-29027 | 1 Bitweaver | 1 Bitweaver | 2021-03-24 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI. |