CWE:
 

| Risk | Title | Date | Author |
|---|---|---|---|
| Low | Logitech Media Server 8.2.0 Cross Site Scripting | 14.10.2021 | Mert Das |
| Med. | Yellowfin Cross Site Scripting / Insecure Direct Object Reference | 14.10.2021 | Michele Di Bonaventura |
| Low | myfactory.FMS 7.1-911 Cross Site Scripting | 13.10.2021 | Anonymouse |
| Med. | Student Quarterly Grading System 1.0 Cross Site Scripting | 13.10.2021 | Huseyin Serkan Balkanl... |
| Low | django-unicorn 0.35.3 Cross Site Scripting | 09.10.2021 | Raven Security Associa... |
| Low | Lifestyle Store 1.0 Cross Site Scripting | 05.10.2021 | Abdulrahman |
| Low | Young Entrepreneur E-Negosyo System 1.0 Cross Site Scripting | 05.10.2021 | Jordan Glover |
| Low | Phpwcms 1.9.30 Cross Site Scripting | 02.10.2021 | Okan Kurtulus |
| Low | OpenSIS 8.0 Cross Site Scripting | 29.09.2021 | Eric Salario |
| Med. | PASS-PHP 1.0 SQL Injection / Cross Site Scripting | 28.09.2021 | nu11secur1ty |
| Med. | WordPress TranslatePress 2.0.8 Cross Site Scripting | 28.09.2021 | Nosa Shandy |
| Low | WordPress Advanced Order Export For WooCommerce 3.1.7 Cross Site Scripting | 23.09.2021 | 0xB9 |
| Med. | WP Google Maps Plugin < 8.1.13 - Authenticated Persistent XSS | 20.09.2021 | Visse |
| Med. | WP Google Maps PRO Add-on Plugin < 8.1.12 - Authenticated Persistent XSS | 20.09.2021 | Visse |
| Low | Cloudron 6.2 Cross Site Scripting | 18.09.2021 | Akiner Kisa |
| Med. | AHSS-PHP 1.0 Cross Site Scripting / SQL Injection | 15.09.2021 | nu11secur1ty |
| Low | WordPress Duplicate Page 4.4.1 Cross Site Scripting | 04.09.2021 | Nikhil Kapoor |
| Low | jforum 2.7.0 Cross Site Scripting | 04.09.2021 | Kun Song |
| Med. | Moxa Command Injection / Cross Site Scripting / Vulnerable Software | 01.09.2021 | T. Weber |
| Low | Projectsend r1295 name Stored XSS | 30.08.2021 | Abdullah Kala |
| Low | HP OfficeJet 4630/7110 MYM1FN2025AR 2117A Cross Site Scripting | 25.08.2021 | Tyler Butler |
| Low | Laundry Booking Management System 1.0 Multiple Stored Cross-Site Scripting (XSS) | 20.08.2021 | Azumah Foresight Xorla... |
| Low | CentOS Web Panel 0.9.8.1081 Stored Cross-Site Scripting (XSS) | 19.08.2021 | Dinesh Mohanty |
| Low | Cyberoam NetGenie Cross Site Scripting | 18.08.2021 | Gionathan Reale |
| Low | Hospital Management System Cross Site Scripting | 18.08.2021 | nu11secur1ty |
| Med. | COMMAX Biometric Access Control System 1.0.0 Cross Site Scripting | 17.08.2021 | LiquidWorm |
| Low | NetGear D1500 1.0.0.21_1.0.1PE Cross Site Scripting | 17.08.2021 | Securityium |
| High | GeoVision Geowebserver 5.3.3 LFI / XSS / CSRF / Code Execution | 17.08.2021 | Ken Pyle |
| Low | Chikitsa 2.0.0 Cross Site Scripting | 13.08.2021 | nu11secur1ty |
| Low | PluXML 5.8.7 Cross Site Scripting | 13.08.2021 | nu11secur1ty |
| Low | Care2x Open Source Hospital Information Management 2.7 Alpha XSS | 13.08.2021 | securityforeveryone |
| Low | Police Crime Record Management System 1.0 Cross Site Scripting | 13.08.2021 | Omer Hasan Durmus |
| Low | WordPress Picture Gallery 1.4.2 Cross Site Scripting | 10.08.2021 | Aryan Chehreghani |
| Low | Connect-app (CDU) 3.8 Cross Site Scripting | 09.08.2021 | team smackback |
| Low | OneNav Beta 0.9.12 Cross Site Scripting | 09.08.2021 | nu11secur1ty |
| Low | CMSuno 1.7 Cross Site Scripting | 06.08.2021 | splint3rsec |
| High | Hotel Management System 1.0 Cross Site Scripting / Shell Upload | 03.08.2021 | Merbin Russel |
| Low | eGain Chat 15.5.5 Cross Site Scripting | 01.08.2021 | Hassy Vinod Eshan |
| Low | ObjectPlanet Opinio 7.12 Cross Site Scripting | 30.07.2021 | Ang Kar Min |
| Low | WordPress Plugin Mimetic Books 0.2.13 Default Publisher ID field Stored Cross-Site Scripting (XSS) | 27.07.2021 | Vikas Srivastava |
| Med. | Zabbix 5.x SQL Injection / Cross Site Scripting | 26.07.2021 | Taurus Omar |
| Med. | Tagstoo 2.0.1 Cross Site Scripting / Code Execution | 26.07.2021 | Taurus Omar |
| Low | WordPress Simple Post 1.1 Cross Site Scripting | 23.07.2021 | Vikas Srivastava |
| Low | Ampache 4.4.2 Cross Site Scripting | 21.07.2021 | Daniel Bishtawi |
| Low | WordPress KN Fix Your Title 1.0.1 Cross Site Scripting | 21.07.2021 | Aakash Choudhary |
| Low | WordPress Mimetic Books 0.2.13 Cross Site Scripting | 19.07.2021 | Vikas Srivastava |
| Med. | OX App Suite / OX Guard / OX Documents SSRF / Cross Site Scripting | 17.07.2021 | Martin Heiland |
| Low | Invoice System 1.0 Cross Site Scripting | 15.07.2021 | Subhadip Nag |
| Low | WordPress WPFront Notification Bar 1.9.1.04012 Cross Site Scripting | 14.07.2021 | Swapnil Subhash Bodeka... |
| Low | Pandora FMS 7.54 Cross Site Scripting | 14.07.2021 | nu11secur1ty |
| Low | WordPress Current Book 1.0.1 Cross Site Scripting | 14.07.2021 | Vikas Srivastava |
| Low | 4Images 1.8 Cross Site Scripting | 11.07.2021 | Piyush Patil |
| Low | Zoo Management System 1.0 Cross Site Scripting | 09.07.2021 | Subhadip Nag |
| High | Wyomind Help Desk 1.3.6 XSS / Traversal / Shell Upload | 08.07.2021 | Patrik Lantz |
| Low | Employee Record Management System 1.2 Cross Site Scripting | 08.07.2021 | Subhadip Nag |
| Low | perfexcrm 1.10 Cross Site Scripting | 07.07.2021 | Alhasan Abbas |
| Low | Real Estate 7 WordPress Theme < 3.1.1 - Unauthenticated Reflected XSS | 05.07.2021 | Visse |
| High | Scratch Desktop 3.17 Code Execution / Cross Site Scripting | 02.07.2021 | apple502j |
| Low | AKCP sensorProbe SPX476 Cross Site Scripting | 02.07.2021 | Tyler Butler |
| Low | Teachers Record Management System 1.0 email Stored Cross-site Scripting (XSS) | 29.06.2021 | nhattruong |
| Low | Atlassian Jira Server/Data Center 8.16.0 Cross Site Scripting | 28.06.2021 | Captain_hook |
| Low | SAS Environment Manager 2.5 Cross Site Scripting | 28.06.2021 | Luqman Hakim Zahari |
| Med. | Personnel Record Management System 1.0 Authentication Bypass / XSS | 28.06.2021 | Richard Jones |
| Low | WordPress YOP Polls 6.2.7 Cross Site Scripting | 28.06.2021 | Toby Jackson |
| Low | ICE Hrm 29.0.0.OS xml upload Stored Cross-Site Scripting | 27.06.2021 | Piyush Patil & Rafal... |
| Low | WordPress WP Google Maps 8.1.11 Cross Site Scripting | 25.06.2021 | Mohammed Adam |
| Low | Cerberus FTP Web Service 11 Cross Site Scripting | 11.06.2021 | Mohammad Hossein Kaviy... |
| Low | WordPress Visitors-App 0.3 Cross Site Scripting | 09.06.2021 | Mesut Cetin |
| Low | FUDForum 3.1.0 Cross Site Scripting | 06.06.2021 | Piyush Patil |
| Low | CHIYU IoT Cross Site Scripting | 02.06.2021 | sirpedrotavares |
| Low | Shopizer 2.16.0 Multiple Cross-Site Scripting (XSS) | 02.06.2021 | Marek Toth |
| Low | WordPress WP Prayer 1.6.1 Cross Site Scripting | 01.06.2021 | Bastijn Ouwendijk |
| Low | i-doit 1.15.2 Cross Site Scripting | 30.05.2021 | nu11secur1ty |
| Low | WordPress LifterLMS 4.21.0 Cross Site Scripting | 28.05.2021 | Captain_hook |
| Low | Pandora FMS 6.0SP3 Cross Site Scripting | 27.05.2021 | nu11secur1ty |
| Med. | Postbird 0.8.4 Cross Site Scripting / Local File Inclusion | 27.05.2021 | Debshubra Chakraborty |
| Low | Simple Chatbot Application 1.0 Category Stored Cross site Scripting | 26.05.2021 | Vani K G |
| Low | WordPress ReDi Restaurant Reservation 21.0307 Cross Site Scripting | 25.05.2021 | Bastijn Ouwendijk |
| Low | WordPress Cookie Law Bar 1.2.1 Cross Site Scripting | 25.05.2021 | Mesut Cetin |
| Low | Gadget Works Online Ordering System 1.0 Cross Site Scripting | 25.05.2021 | Vinay H C |
| Low | WordPress Plugin Stop Spammers 2021.8 log Reflected Cross-site Scripting (XSS) | 23.05.2021 | Hosein Vita |
| Low | Spotweb-Develop 1.4.9 Cross Site Scripting | 21.05.2021 | nu11secur1ty |
| Low | COVID19 Testing Management System 1.0 Admin name Cross-Site Scripting (XSS) | 19.05.2021 | Rohit Burke |
| Low | Advanced Guestbook 2.4.4 Cross Site Scripting | 18.05.2021 | Abdulkadir AYDOGAN |
| Low | GiveWP WordPress Plugin <= 2.10.3 - Authenticated Persistent XSS | 17.05.2021 | m0ze |
| Low | GA Google Analytics WordPress Plugin <= 20210211 - Multiple Authenticated Persistent XSS | 17.05.2021 | m0ze |
| Low | Mediumish WordPress Theme <= 1.0.47 - Unauthenticated Reflected XSS & XFS | 17.05.2021 | m0ze |
| Low | Listeo WordPress Theme <= 1.6.10 - Multiple XSS & XFS vulnerabilities | 17.05.2021 | m0ze |
| Low | Bello WordPress Theme <= 1.5.9 - Unauthenticated Reflected XSS & XFS | 17.05.2021 | m0ze |
| Low | WP-DB-Backup WordPress Plugin <= 2.3.3 - Authenticated Persistent XSS | 17.05.2021 | m0ze |
| Low | Customer Relationship Management System 1.0 Cross Site Scripting | 17.05.2021 | Vani K G |
| Low | Chevereto 3.17.1 Cross Site Scripting | 13.05.2021 | Akiner Kisa |
| Low | ERPNext 12.18.0 / 13.0.0 Cross Site Scripting | 11.05.2021 | Stefan Pietsch |
| Low | PHP Timeclock 1.04 Cross Site Scripting | 10.05.2021 | Tyler Butler |
| High | Xmind 2020 Cross Site Scripting / Code Execution | 09.05.2021 | Taurus Omar |
| Low | Markright 1.0 XSS to RCE | 09.05.2021 | TaurusOmar |
| Med. | Anote 1.0 Cross Site Scripting / Code Execution | 08.05.2021 | Taurus Omar |
| Low | StudyMD 0.3.2 XSS to RCE | 07.05.2021 | TaurusOmar |
| Low | Moeditor 0.2.0 Cross Site Scripting / Code Execution | 06.05.2021 | Taurus Omar |
| Low | Markright 1.0 Cross Site Scripting / Code Execution | 06.05.2021 | Taurus Omar |


Common Weakness Enumeration (CWE)

CVE
Details
Description
2021-10-15
Waiting for details
CVE-2021-39349

The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

 
Waiting for details
CVE-2021-39345

The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.1.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

 
Waiting for details
CVE-2021-39344

The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/class-kjm-admin-notices-admin.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

 
Waiting for details
CVE-2021-39338

The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

 
Waiting for details
CVE-2021-39336

The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 0.7.25. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

 
Waiting for details
CVE-2021-39335

The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

 
Waiting for details
CVE-2021-39334

The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjb_exp_in and the psjb_curr_in parameters found in the ~/job-settings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

 
Waiting for details
CVE-2021-39332

The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.

 
Waiting for details
CVE-2021-42335

Waiting for details
CVE-2021-42329


Copyright 2021, cxsecurity.com

 
