Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-39609 | 1 Flatcore | 1 Flatcore-cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function. | |||||
| CVE-2021-39599 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php. | |||||
| CVE-2021-39499 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function. | |||||
| CVE-2021-39496 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS. | |||||
| CVE-2021-39491 | 1 Rengine Project | 1 Rengine | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box . . | |||||
| CVE-2021-39486 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser. | |||||
| CVE-2021-39421 | 1 Seeddms | 1 Seeddms | 2024-11-21 | N/A | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2021-39420 | 1 Vfront | 1 Vfront | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0.99.5 via the (1) s parameter in search_all.php and the (2) msg parameter in add.attach.php. | |||||
| CVE-2021-39416 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender, (h) age, and (i) serial parameters; in (2) patients/edit-patient.php via the (a) Contact, (b) Email, (c) Weight, Profession, (d) ref_contact, (e) address, (f) serial, (g) age, and (h) gender parameters; in (3) staff/edit-my-profile.php via the (a) Title, (b) First Name, (c) Last Name, (d) Skype, and (e) Address parameters; and in (4) clinics/settings.php via the (a) portal_name, (b) guardian_short_name, (c) guardian_name, (d) opening_time, (e) closing_time, (f) access_level_5, (g) access_level_4, (h) access_level_ 3, (i) access_level_2, (j) access_level_1, (k) currency, (l) mobile_number, (m) address, (n) patient_contact, (o) patient_address, and (p) patient_email parameters. | |||||
| CVE-2021-39413 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, (j) webmaster-tools.php, and (k) reports.php; the (3) order_col parameter in (a) analytics.php, (b) review.php, (c) social_media.php, and (d) webmaster-tools.php; and the (4) pageno parameter in (a) alerts.php, (b) log.php, (c) keywords.php, (d) proxy.php, (e) searchengine.php, and (f) siteauditor.php. | |||||
| CVE-2021-39412 | 1 Shopping Portal Project | 1 Shopping Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in examples_support/editable_ajax.php, and the (3) PHP_SELF parameter in captcha/index.php. | |||||
| CVE-2021-39411 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php. | |||||
| CVE-2021-39408 | 1 Online Student Rate System Project | 1 Online Student Rate System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Online Student Rate System 1.0 via the page parameter on the index.php file | |||||
| CVE-2021-39404 | 1 Maianaffiliate | 1 Maianaffiliate | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database. | |||||
| CVE-2021-39393 | 1 Mm-wiki Project | 1 Mm-wiki | 2024-11-21 | N/A | 6.1 MEDIUM |
| mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor. | |||||
| CVE-2021-39391 | 1 Beego | 1 Beego | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page. | |||||
| CVE-2021-39390 | 1 Partkeepr | 1 Partkeepr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter. | |||||
| CVE-2021-39368 | 1 Canon | 1 Oce Print Exec Workgroup | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter. | |||||
| CVE-2021-39362 | 1 Recaptcha Solver Project | 1 Recaptcha Solver | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS issue was discovered in ReCaptcha Solver 5.7. A response from Anti-Captcha.com, RuCaptcha.com, 2captcha.com, DEATHbyCAPTCHA.com, ImageTyperz.com, or BestCaptchaSolver.com in setCaptchaCode() is inserted into the DOM as HTML, resulting in full control over the user's browser by these servers. | |||||
| CVE-2021-39357 | 1 Zeen101 | 1 Leaky Paywall | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
| The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the ~/class.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.16.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | |||||