Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39496 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS.
|
|||||
| CVE-2021-39491 | 1 Rengine Project | 1 Rengine | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box.
|
|||||
| CVE-2021-39486 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser.
|
|||||
| CVE-2021-39421 | 1 Seeddms | 1 Seeddms | 2024-11-21 | N/A | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
|
|||||
| CVE-2021-39420 | 1 Vfront | 1 Vfront | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0.99.5 via the (1) s parameter in search_all.php and the (2) msg parameter in add.attach.php.
|
|||||
| CVE-2021-39416 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender, (h) age, and (i) serial parameters; in (2) patients/edit-patient.php via the (a) Contact, (b) Email, (c) Weight, Profession, (d) ref_contact, (e) address, (f) serial, (g) age, and (h) gender parameters; in (3) staff/edit-my-profile.php via the (a) Title, (b) First Name, (c) Last ...
|
|||||
| CVE-2021-39413 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, (j) ...
|
|||||
| CVE-2021-39412 | 1 Shopping Portal Project | 1 Shopping Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in examples_support/editable_ajax.php, and the (3) PHP_SELF parameter in captcha/index.php.
|
|||||
| CVE-2021-39411 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php.
|
|||||
| CVE-2021-39408 | 1 Online Student Rate System Project | 1 Online Student Rate System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability exists in Online Student Rate System 1.0 via the page parameter on the index.php file.
|
|||||
| CVE-2021-39404 | 1 Maianaffiliate | 1 Maianaffiliate | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database.
|
|||||
| CVE-2021-39393 | 1 Mm-wiki Project | 1 Mm-wiki | 2024-11-21 | N/A | 6.1 MEDIUM |
|
mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor.
|
|||||
| CVE-2021-39391 | 1 Beego | 1 Beego | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.
|
|||||
| CVE-2021-39390 | 1 Partkeepr | 1 Partkeepr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Stored XSS in PartKeepr 1.4.0 Edit section in multiple API endpoints via the name parameter.
|
|||||
| CVE-2021-39368 | 1 Canon | 1 Oce Print Exec Workgroup | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter.
|
|||||
| CVE-2021-39362 | 1 Recaptcha Solver Project | 1 Recaptcha Solver | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An XSS issue was discovered in ReCaptcha Solver 5.7. A response from Anti-Captcha.com, RuCaptcha.com, 2captcha.com, DEATHbyCAPTCHA.com, ImageTyperz.com, or BestCaptchaSolver.com in setCaptchaCode() is inserted into the DOM as HTML, resulting in full control over the user's browser by these servers.
|
|||||
| CVE-2021-39357 | 1 Zeen101 | 1 Leaky Paywall | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the ~/class.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.16.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
|
|||||
| CVE-2021-39356 | 1 Content Staging Project | 1 Content Staging | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
The Content Staging WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via several parameters that are echo'd out via the ~/templates/settings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
|
|||||
| CVE-2021-39355 | 1 Indeed-job-importer Project | 1 Indeed-job-importer | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/indeed-job-importer/trunk/indeed-job-importer.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
|
|||||
| CVE-2021-39349 | 1 Author Bio Box Project | 1 Author Bio Box | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-author-bio-box-admin.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 3.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
|
|||||
| CVE-2021-39348 | 1 Thimpress | 1 Learnpress | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
The LearnPress WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $custom_profile parameter found in the ~/inc/admin/views/backend-user-profile.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.1.3.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. Please note that this is separate ...
|
|||||
| CVE-2021-39346 | 1 Supsystic | 1 Easy Google Maps | 2024-11-21 | 2.1 LOW | 4.8 MEDIUM |
|
The Google Maps Easy WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/modules/marker_groups/views/tpl/mgrEditMarkerGroup.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.9.33. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
|
|||||
| CVE-2021-39345 | 1 Cnrs | 1 Hal | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
|
|||||
| CVE-2021-39344 | 1 Kajoom | 1 Kjm Admin Notices | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/class-kjm-admin-notices-admin.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
|
|||||
| CVE-2021-39340 | 1 Bracketspace | 1 Notification | 2024-11-21 | 2.1 LOW | 4.8 MEDIUM |
|
The Notification WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/classes/Utils/Settings.php file which made it possible for attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 7.2.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
|
|||||
| CVE-2021-39338 | 1 Mybb Cross-poster Project | 1 Mybb Cross-poster | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
|
|||||
| CVE-2021-39337 | 1 Job-portal Project | 1 Job-portal | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/jobs_function.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
|
|||||
| CVE-2021-39336 | 1 Wp-jobmanager | 1 Job Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.7.25. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
|
|||||
| CVE-2021-39335 | 1 Wpgenious | 1 Wpgenius Job Listing | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disab ...
|
|||||
| CVE-2021-39334 | 1 Perceptionsystem | 1 Job Board Vanila | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM |
|
The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjb_exp_in and the psjb_curr_in parameters found in the ~/job-settings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
|
|||||
| CVE-2021-39329 | 1 Ultimatemember | 1 Jobboardwp | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
|
|||||
| CVE-2021-39328 | 1 Presstigers | 1 Simple Job Board | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $job_board_privacy_policy_label variable echo'd out via the ~/admin/settings/class-simple-job-board-settings-privacy.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.9.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is ...
|
|||||
| CVE-2021-39325 | 1 Optinmonster | 1 Optinmonster | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0.
|
|||||
| CVE-2021-39322 | 1 Cybernetikz | 1 Easy Social Icons | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations including Apache+modPHP this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.
|
|||||
| CVE-2021-39320 | 1 Underconstruction Project | 1 Underconstruction | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain configurations including Apache+modPHP, this makes it possible to use it to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.
|
|||||
| CVE-2021-39319 | 1 Duogeek | 1 Duofaq-responsive-flat-simple-faq | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The duoFAQ - Responsive, Flat, Simple FAQ WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/duogeek/duogeek-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.8.
|
|||||
| CVE-2021-39318 | 1 H5p-css-editor Project | 1 H5p-css-editor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the ~/h5p-css-editor.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.
|
|||||
| CVE-2021-39315 | 1 Magic-post-voice Project | 1 Magic-post-voice | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids parameter found in the ~/inc/admin/main.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.
|
|||||
| CVE-2021-39314 | 1 Wanderlust-webdesign | 1 Woo-enviopack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the ~/includes/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.
|
|||||
| CVE-2021-39313 | 1 Duogeek | 1 Simple Image Gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/simple-image-gallery.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.
|
|||||