Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38583 | 1 Openbaraza | 1 Openbaraza Human Capital Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and hr/index.jsp (with view= and data=).
|
|||||
| CVE-2021-38560 | 1 Ivanti | 1 Service Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx.
|
|||||
| CVE-2021-38559 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.
|
|||||
| CVE-2021-38538 | 1 Netgear | 30 D7800, D7800 Firmware, R7800 and 27 more | 2024-11-21 | 4.3 MEDIUM | 6.3 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and XR500 before 2.3.2.56.
|
|||||
| CVE-2021-38537 | 1 Netgear | 36 Ac2100, Ac2100 Firmware, Ac2400 and 33 more | 2024-11-21 | 3.5 LOW | 4.2 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62.
|
|||||
| CVE-2021-38536 | 1 Netgear | 38 Ac2100, Ac2100 Firmware, Ac2400 and 35 more | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 bef ...
|
|||||
| CVE-2021-38535 | 1 Netgear | 38 Ac2100, Ac2100 Firmware, Ac2400 and 35 more | 2024-11-21 | 3.5 LOW | 4.3 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 bef ...
|
|||||
| CVE-2021-38534 | 1 Netgear | 86 D3600, D3600 Firmware, D6000 and 83 more | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
|
Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6100 before 1.0.0.60, D6200 before 1.1.00.36, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R62 ...
|
|||||
| CVE-2021-38533 | 1 Netgear | 2 Rax40, Rax40 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS.
|
|||||
| CVE-2021-38488 | 1 Deltaww | 1 Dialink | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code.
|
|||||
| CVE-2021-38482 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2024-11-21 | 3.5 LOW | 8.7 HIGH |
|
The website used to control the InHand Networks IR615 Router, versions 2.3.0.r4724 and 2.3.0.r4870, is vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the system.
|
|||||
| CVE-2021-38468 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2024-11-21 | 3.5 LOW | 8.7 HIGH |
|
InHand Networks IR615 Router versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the system.
|
|||||
| CVE-2021-38466 | 1 Inhandnetworks | 2 Ir615, Ir615 Firmware | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
|
InHand Networks IR615 Router versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. This may allow an attacker to perform a reflected cross-site scripting attack, which could allow an attacker to run code on behalf of the client browser.
|
|||||
| CVE-2021-38428 | 1 Deltaww | 1 Dialink | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code.
|
|||||
| CVE-2021-38411 | 1 Deltaww | 1 Dialink | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code.
|
|||||
| CVE-2021-38407 | 1 Deltaww | 1 Dialink | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code.
|
|||||
| CVE-2021-38403 | 1 Deltaww | 1 Dialink | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code.
|
|||||
| CVE-2021-38375 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message.
|
|||||
| CVE-2021-38374 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
OX App Suite through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL.
|
|||||
| CVE-2021-38361 | 1 Htaccess-redirect Project | 1 Htaccess-redirect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the link parameter found in the ~/htaccess-redirect.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.3.1.
|
|||||
| CVE-2021-38359 | 1 Invitebox | 1 Invitebox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the ~/admin/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.1.
|
|||||
| CVE-2021-38358 | 1 Kibokolabs | 1 Moolamojo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1.
|
|||||
| CVE-2021-38357 | 1 Elyazalee | 1 Sms-ovh | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the ~/sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1.
|
|||||
| CVE-2021-38356 | 1 Nextscripts | 1 Social Networks Auto Poster | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter which is echoed out on inc/nxs_class_snap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious JavaScript in $_POST['page'].
|
|||||
| CVE-2021-38355 | 1 Bug Library Project | 1 Bug Library | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the ~/bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3.
|
|||||
| CVE-2021-38354 | 1 Gnu-mailman Integration Project | 1 Gnu-mailman Integration | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.
|
|||||
| CVE-2021-38353 | 1 Webodid | 1 Dropdown And Scrollable Text | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Dropdown and scrollable Text WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the ~/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.
|
|||||
| CVE-2021-38352 | 1 Feedify | 1 Web Push Notifications | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8.
|
|||||
| CVE-2021-38351 | 1 Outsidesource | 1 Osd Subscribe | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3.
|
|||||
| CVE-2021-38350 | 1 Spideranalyse Project | 1 Spideranalyse | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the date parameter found in the ~/analyse/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.1.
|
|||||
| CVE-2021-38349 | 1 Techastha | 1 Integration Of Moneybird For Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1.
|
|||||
| CVE-2021-38348 | 1 Advance Search Project | 1 Advance Search | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpas_id parameter found in the ~/inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2.
|
|||||
| CVE-2021-38347 | 1 Custom Website Data Project | 1 Custom Website Data | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2.
|
|||||
| CVE-2021-38346 | 1 Brizy | 1 Brizy-page Builder | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
|
The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory traversal, and the file contents were populated via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin added a .jpg extension to all uploaded filenames, a double ...
|
|||||
| CVE-2021-38345 | 1 Brizy | 1 Brizy-page Builder | 2024-11-21 | 4.0 MEDIUM | 7.1 HIGH |
|
The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127.
|
|||||
| CVE-2021-38344 | 1 Brizy | 1 Brizy-page Builder | 2024-11-21 | 3.5 LOW | 6.4 MEDIUM |
|
The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page.
|
|||||
| CVE-2021-38341 | 1 Dreamfoxmedia | 1 Woocommerce Payment Gateway Per Category | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The WooCommerce Payment Gateway Per Category WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/includes/plugin_settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.10.
|
|||||
| CVE-2021-38340 | 1 Wordpress Simple Shop Project | 1 Wordpress Simple Shop | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the update_row parameter found in the ~/includes/add_product.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.
|
|||||
| CVE-2021-38339 | 1 Devondev | 1 Simple Matted Thumbnails | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Simple Matted Thumbnails WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simple-matted-thumbnail.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.01.
|
|||||
| CVE-2021-38338 | 1 Border Loading Bar Project | 1 Border Loading Bar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `f` and `t` parameters found in the ~/titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1.
|
|||||