Total: 38008 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-39334 | 1 Perceptionsystem | 1 Job Board Vanila | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | The Job Board Vanila WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjb_exp_in and the psjb_curr_in parameters found in the ~/job-settings.php file, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVE-2021-39332 | 1 Linksoftwarellc | 1 Business Manager | 2024-11-21 | 2.1 LOW | 5.5 MEDIUM | The Business Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization found throughout the plugin, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.4.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVE-2021-39329 | 1 Ultimatemember | 1 Jobboardwp | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM | The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVE-2021-39328 | 1 Presstigers | 1 Simple Job Board | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM | The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $job_board_privacy_policy_label variable echoed out via the ~/admin/settings/class-simple-job-board-settings-privacy.php file, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.9.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
CVE-2021-39325 | 1 Optinmonster | 1 Optinmonster | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0.
CVE-2021-39322 | 1 Cybernetikz | 1 Easy Social Icons | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations, including Apache+modPHP, this makes it possible to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.
CVE-2021-39320 | 1 Underconstruction Project | 1 Underconstruction | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The underConstruction plugin <= 1.18 for WordPress echoes out the raw value of `$GLOBALS['PHP_SELF']` in the ucOptions.php file. On certain configurations, including Apache+modPHP, this makes it possible to perform a reflected Cross-Site Scripting attack by injecting malicious code in the request path.
CVE-2021-39319 | 1 Duogeek | 1 Duofaq-responsive-flat-simple-faq | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The duoFAQ - Responsive, Flat, Simple FAQ WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/duogeek/duogeek-panel.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.8.
CVE-2021-39318 | 1 H5p-css-editor Project | 1 H5p-css-editor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The H5P CSS Editor WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the h5p-css-file parameter found in the ~/h5p-css-editor.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.
CVE-2021-39315 | 1 Magic-post-voice Project | 1 Magic-post-voice | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Magic Post Voice WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the ids parameter found in the ~/inc/admin/main.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.
CVE-2021-39314 | 1 Wanderlust-webdesign | 1 Woo-enviopack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The WooCommerce EnvioPack WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the dataid parameter found in the ~/includes/functions.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.
CVE-2021-39313 | 1 Duogeek | 1 Simple Image Gallery | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Simple Image Gallery WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the msg parameter found in the ~/simple-image-gallery.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6.
CVE-2021-39311 | 1 Link-list-manager Project | 1 Link-list-manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The link-list-manager WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category parameter found in the ~/llm.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.
CVE-2021-39310 | 1 Windyroad | 1 Real Wysiwyg | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Real WYSIWYG WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of PHP_SELF in the ~/real-wysiwyg.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2.
CVE-2021-39309 | 1 Dpsoft | 1 Parsian Bank Gateway For Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Parsian Bank Gateway for Woocommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via any parameter, due to a var_dump() on $_POST variables found in the ~/vendor/dpsoft/parsian-payment/sample/rollback-payment.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.
CVE-2021-39308 | 1 Woo-myghpay-payment-gateway Project | 1 Woo-myghpay-payment-gateway | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The WooCommerce myghpay Payment Gateway WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the clientref parameter found in the ~/processresponse.php file, which allows attackers to inject arbitrary web scripts, in versions up to and including 3.0.
CVE-2021-39307 | 1 Pdftron | 1 Webviewer Ui | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code.
CVE-2021-39286 | 1 Webrecorder | 1 Pywb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped.
CVE-2021-39285 | 1 Versa-networks | 1 Versa Director | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create an XSS-based attack.
CVE-2021-39278 | 1 Moxa | 24 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 21 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3.