CWE:
 

| Risk | Topic | Date | Author |
|---|---|---|---|
| Low | Cloudron 6.2 Cross Site Scripting | 18.09.2021 | Akiner Kisa |
| Med. | AHSS-PHP 1.0 Cross Site Scripting / SQL Injection | 15.09.2021 | nu11secur1ty |
| Low | WordPress Duplicate Page 4.4.1 Cross Site Scripting | 04.09.2021 | Nikhil Kapoor |
| Low | jforum 2.7.0 Cross Site Scripting | 04.09.2021 | Kun Song |
| Med. | Moxa Command Injection / Cross Site Scripting / Vulnerable Software | 01.09.2021 | T. Weber |
| Low | Projectsend r1295 name Stored XSS | 30.08.2021 | Abdullah Kala |
| Low | HP OfficeJet 4630/7110 MYM1FN2025AR 2117A Cross Site Scripting | 25.08.2021 | Tyler Butler |
| Low | Laundry Booking Management System 1.0 Multiple Stored Cross-Site Scripting (XSS) | 20.08.2021 | Azumah Foresight Xorla... |
| Low | CentOS Web Panel 0.9.8.1081 Stored Cross-Site Scripting (XSS) | 19.08.2021 | Dinesh Mohanty |
| Low | Cyberoam NetGenie Cross Site Scripting | 18.08.2021 | Gionathan Reale |
| Low | Hospital Management System Cross Site Scripting | 18.08.2021 | nu11secur1ty |
| Med. | COMMAX Biometric Access Control System 1.0.0 Cross Site Scripting | 17.08.2021 | LiquidWorm |
| Low | NetGear D1500 1.0.0.21_1.0.1PE Cross Site Scripting | 17.08.2021 | Securityium |
| High | GeoVision Geowebserver 5.3.3 LFI / XSS / CSRF / Code Execution | 17.08.2021 | Ken Pyle |
| Low | Chikitsa 2.0.0 Cross Site Scripting | 13.08.2021 | nu11secur1ty |
| Low | PluXML 5.8.7 Cross Site Scripting | 13.08.2021 | nu11secur1ty |
| Low | Care2x Open Source Hospital Information Management 2.7 Alpha XSS | 13.08.2021 | securityforeveryone |
| Low | Police Crime Record Management System 1.0 Cross Site Scripting | 13.08.2021 | Omer Hasan Durmus |
| Low | WordPress Picture Gallery 1.4.2 Cross Site Scripting | 10.08.2021 | Aryan Chehreghani |
| Low | Connect-app (CDU) 3.8 Cross Site Scripting | 09.08.2021 | team smackback |
| Low | OneNav Beta 0.9.12 Cross Site Scripting | 09.08.2021 | nu11secur1ty |
| Low | CMSuno 1.7 Cross Site Scripting | 06.08.2021 | splint3rsec |
| High | Hotel Management System 1.0 Cross Site Scripting / Shell Upload | 03.08.2021 | Merbin Russel |
| Low | eGain Chat 15.5.5 Cross Site Scripting | 01.08.2021 | Hassy Vinod Eshan |
| Low | ObjectPlanet Opinio 7.12 Cross Site Scripting | 30.07.2021 | Ang Kar Min |
| Low | WordPress Plugin Mimetic Books 0.2.13 Default Publisher ID field Stored Cross-Site Scripting (XSS) | 27.07.2021 | Vikas Srivastava |
| Med. | Zabbix 5.x SQL Injection / Cross Site Scripting | 26.07.2021 | Taurus Omar |
| Med. | Tagstoo 2.0.1 Cross Site Scripting / Code Execution | 26.07.2021 | Taurus Omar |
| Low | WordPress Simple Post 1.1 Cross Site Scripting | 23.07.2021 | Vikas Srivastava |
| Low | Ampache 4.4.2 Cross Site Scripting | 21.07.2021 | Daniel Bishtawi |
| Low | WordPress KN Fix Your Title 1.0.1 Cross Site Scripting | 21.07.2021 | Aakash Choudhary |
| Low | WordPress Mimetic Books 0.2.13 Cross Site Scripting | 19.07.2021 | Vikas Srivastava |
| Med. | OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting | 17.07.2021 | Martin Heiland |
| Low | Invoice System 1.0 Cross Site Scripting | 15.07.2021 | Subhadip Nag |
| Low | WordPress WPFront Notification Bar 1.9.1.04012 Cross Site Scripting | 14.07.2021 | Swapnil Subhash Bodeka... |
| Low | Pandora FMS 7.54 Cross Site Scripting | 14.07.2021 | nu11secur1ty |
| Low | WordPress Current Book 1.0.1 Cross Site Scripting | 14.07.2021 | Vikas Srivastava |
| Low | 4Images 1.8 Cross Site Scripting | 11.07.2021 | Piyush Patil |
| Low | Zoo Management System 1.0 Cross Site Scripting | 09.07.2021 | Subhadip Nag |
| High | Wyomind Help Desk 1.3.6 XSS / Traversal / Shell Upload | 08.07.2021 | Patrik Lantz |
| Low | Employee Record Management System 1.2 Cross Site Scripting | 08.07.2021 | Subhadip Nag |
| Low | perfexcrm 1.10 Cross Site Scripting | 07.07.2021 | Alhasan Abbas |
| Low | Real Estate 7 WordPress Theme < 3.1.1 - Unauthenticated Reflected XSS | 05.07.2021 | Visse |
| High | Scratch Desktop 3.17 Code Execution / Cross Site Scripting | 02.07.2021 | apple502j |
| Low | AKCP sensorProbe SPX476 Cross Site Scripting | 02.07.2021 | Tyler Butler |
| Low | Teachers Record Management System 1.0 email Stored Cross-site Scripting (XSS) | 29.06.2021 | nhattruong |
| Low | Atlassian Jira Server/Data Center 8.16.0 Cross Site Scripting | 28.06.2021 | Captain_hook |
| Low | SAS Environment Manager 2.5 Cross Site Scripting | 28.06.2021 | Luqman Hakim Zahari |
| Med. | Personnel Record Management System 1.0 Authentication Bypass / XSS | 28.06.2021 | Richard Jones |
| Low | WordPress YOP Polls 6.2.7 Cross Site Scripting | 28.06.2021 | Toby Jackson |
| Low | ICE Hrm 29.0.0.OS xml upload Stored Cross-Site Scripting | 27.06.2021 | Piyush Patil & Rafal... |
| Low | WordPress WP Google Maps 8.1.11 Cross Site Scripting | 25.06.2021 | Mohammed Adam |
| Low | Cerberus FTP Web Service 11 Cross Site Scripting | 11.06.2021 | Mohammad Hossein Kaviy... |
| Low | WordPress Visitors-App 0.3 Cross Site Scripting | 09.06.2021 | Mesut Cetin |
| Low | FUDForum 3.1.0 Cross Site Scripting | 06.06.2021 | Piyush Patil |
| Low | CHIYU IoT Cross Site Scripting | 02.06.2021 | sirpedrotavares |
| Low | Shopizer 2.16.0 Multiple Cross-Site Scripting (XSS) | 02.06.2021 | Marek Toth |
| Low | WordPress WP Prayer 1.6.1 Cross Site Scripting | 01.06.2021 | Bastijn Ouwendijk |
| Low | i-doit 1.15.2 Cross Site Scripting | 30.05.2021 | nu11secur1ty |
| Low | WordPress LifterLMS 4.21.0 Cross Site Scripting | 28.05.2021 | Captain_hook |
| Low | Pandora FMS 6.0SP3 Cross Site Scripting | 27.05.2021 | nu11secur1ty |
| Med. | Postbird 0.8.4 Cross Site Scripting / Local File Inclusion | 27.05.2021 | Debshubra Chakraborty |
| Low | Simple Chatbot Application 1.0 Category Stored Cross site Scripting | 26.05.2021 | Vani K G |
| Low | WordPress ReDi Restaurant Reservation 21.0307 Cross Site Scripting | 25.05.2021 | Bastijn Ouwendijk |
| Low | WordPress Cookie Law Bar 1.2.1 Cross Site Scripting | 25.05.2021 | Mesut Cetin |
| Low | Gadget Works Online Ordering System 1.0 Cross Site Scripting | 25.05.2021 | Vinay H C |
| Low | WordPress Plugin Stop Spammers 2021.8 log Reflected Cross-site Scripting (XSS) | 23.05.2021 | Hosein Vita |
| Low | Spotweb-Develop 1.4.9 Cross Site Scripting | 21.05.2021 | nu11secur1ty |
| Low | COVID19 Testing Management System 1.0 Admin name Cross-Site Scripting (XSS) | 19.05.2021 | Rohit Burke |
| Low | Advanced Guestbook 2.4.4 Cross Site Scripting | 18.05.2021 | Abdulkadir AYDOGAN |
| Low | GiveWP WordPress Plugin <= 2.10.3 - Authenticated Persistent XSS | 17.05.2021 | m0ze |
| Low | GA Google Analytics WordPress Plugin <= 20210211 - Multiple Authenticated Persistent XSS | 17.05.2021 | m0ze |
| Low | Mediumish WordPress Theme <= 1.0.47 - Unauthenticated Reflected XSS & XFS | 17.05.2021 | m0ze |
| Low | Listeo WordPress Theme <= 1.6.10 - Multiple XSS & XFS vulnerabilities | 17.05.2021 | m0ze |
| Low | Bello WordPress Theme <= 1.5.9 - Unauthenticated Reflected XSS & XFS | 17.05.2021 | m0ze |
| Low | WP-DB-Backup WordPress Plugin <= 2.3.3 - Authenticated Persistent XSS | 17.05.2021 | m0ze |
| Low | Customer Relationship Management System 1.0 Cross Site Scripting | 17.05.2021 | Vani K G |
| Low | Chevereto 3.17.1 Cross Site Scripting | 13.05.2021 | Akiner Kisa |
| Low | ERPNext 12.18.0 / 13.0.0 Cross Site Scripting | 11.05.2021 | Stefan Pietsch |
| Low | PHP Timeclock 1.04 Cross Site Scripting | 10.05.2021 | Tyler Butler |
| High | Xmind 2020 Cross Site Scripting / Code Execution | 09.05.2021 | Taurus Omar |
| Low | Markright 1.0 XSS to RCE | 09.05.2021 | TaurusOmar |
| Med. | Anote 1.0 Cross Site Scripting / Code Execution | 08.05.2021 | Taurus Omar |
| Low | StudyMD 0.3.2 XSS to RCE | 07.05.2021 | TaurusOmar |
| Low | Moeditor 0.2.0 Cross Site Scripting / Code Execution | 06.05.2021 | Taurus Omar |
| Low | Markright 1.0 Cross Site Scripting / Code Execution | 06.05.2021 | Taurus Omar |
| Low | Schlix CMS 2.2.6-6 Cross Site Scripting | 06.05.2021 | Emircan Bas |
| Med. | Anote 1.0 XSS to RCE | 05.05.2021 | TaurusOmar |
| Low | Adtran Personal Phone Manager 10.8.1 Multiple Reflected Cross-Site Scripting (XSS) | 03.05.2021 | 3ndG4me |
| Low | Moodle 3.10.3 url Persistent Cross Site Scripting | 02.05.2021 | UVision |
| Low | Kirby CMS 3.5.3.1 Cross Site Scripting | 30.04.2021 | Sreenath Raghunathan |
| Low | Moodle 3.6.1 Persistent Cross-Site Scripting (XSS) | 30.04.2021 | farisv |
| Med. | OX App Suite / OX Guard SSRF / DoS / Cross Site Scripting | 30.04.2021 | Martin Heiland |
| Low | PFSense 2.5.0 Cross Site Scripting | 29.04.2021 | William Costa |
| Low | Montiorr 1.7.6m Cross Site Scripting | 27.04.2021 | Ahmad Shakla |
| Low | Sipwise C5 NGCP CSC Cross Site Scripting | 23.04.2021 | LiquidWorm |
| Low | WordPress Plugin RSS for Yandex Turbo 1.29 Stored Cross-Site Scripting (XSS) | 23.04.2021 | Himamshu Dilip Kulkarn... |
| Low | BMD BMDWeb 2.0 Cross Site Scripting | 23.04.2021 | Stefan Viehbock |
| Low | DzzOffice 2.02.1 Cross Site Scripting | 23.04.2021 | nu11secur1ty |
| Low | RemoteClinic 2.0 Multiple Stored Cross-Site Scripting (XSS) | 22.04.2021 | Saud Ahmad |


CVEMAP Search Results

2021-09-16

CVE: CVE-2021-34571
Details: Waiting for details
Description: Multiple Wireless M-Bus devices by Enbra use Hard-coded Credentials in Security mode 5 without an option to change the encryption key. An adversary can learn all information that is available in Enbra EWM.

2021-09-15

CVE: CVE-2021-39205
Details: Waiting for details
Description: Jitsi Meet is an open source video conferencing application. Versions prior to 2.0.6173 are vulnerable to client-side cross-site scripting via injecting properties into JSON objects that were not properly escaped. There are no known incidents related to this vulnerability being exploited in the wild. This issue is fixed in Jitsi Meet version 2.0.6173. There are no known workarounds aside from upgrading.

2021-09-14

CVE: CVE-2021-37191
Details: Waiting for details
Description: A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.0 SP2). An unauthenticated attacker in the same network of the affected system could brute force the usernames from the affected software.

2021-09-13

CVE: CVE-2021-24728
Details: Waiting for details
Description:

CVE: CVE-2021-24724
Details: Waiting for details
Description: The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the related event/s

CVE: CVE-2021-24623
Details: Waiting for details
Description: The WordPress Advanced Ticket System, Elite Support Helpdesk WordPress plugin before 1.0.64 does not sanitize or escape form values before saving to the database or when outputting, which allows high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CVE: CVE-2021-24619
Details: Waiting for details
Description: The Per page add to head WordPress plugin through 1.4.4 does not properly sanitise one of its setting, allowing malicious HTML to be inserted by high privilege users even when the unfiltered_html capability is disallowed, which could lead to Cross-Site Scripting issues.

CVE: CVE-2021-24614
Details: Waiting for details
Description: The Book appointment online WordPress plugin before 1.39 does not sanitise or escape Service Prices before outputting it in the List, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed.

CVE: CVE-2021-24605
Details: Waiting for details
Description: The create_post_page AJAX action of the Custom Post View Generator WordPress plugin through 0.4.6 (available to authenticated user) does not sanitise or escape user input before outputting it back in the response, leading to a Reflected Cross-Site issue

CVE: CVE-2021-24560
Details: Waiting for details
Description: The Software License Manager WordPress plugin before 4.4.8 does not sanitise or escape the edit_record parameter before outputting it back in the page in the admin dashboard, leading to a Reflected Cross-Site Scripting issue

Copyright 2021, cxsecurity.com

 
