Total: 39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38403 | 1 Deltaww | 1 Dialink | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior are vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-38375 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message. | |||||
| CVE-2021-38374 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| OX App Suite through 7.10.5 allows XSS via a crafted snippet that has an app loader reference within an app loader URL. | |||||
| CVE-2021-38361 | 1 Htaccess-redirect Project | 1 Htaccess-redirect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The .htaccess Redirect WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the link parameter found in the ~/htaccess-redirect.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.3.1. | |||||
| CVE-2021-38359 | 1 Invitebox | 1 Invitebox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WordPress InviteBox Plugin for viral Refer-a-Friend Promotions WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the message parameter found in the ~/admin/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4.1. | |||||
| CVE-2021-38358 | 1 Kibokolabs | 1 Moolamojo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The MoolaMojo WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the classes parameter found in the ~/views/button-generator.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.4.1. | |||||
| CVE-2021-38357 | 1 Elyazalee | 1 Sms-ovh | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The SMS OVH WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the position parameter found in the ~/sms-ovh-sent.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.1. | |||||
| CVE-2021-38356 | 1 Nextscripts | 1 Social Networks Auto Poster | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The NextScripts: Social Networks Auto-Poster <= 4.3.20 WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $_REQUEST['page'] parameter which is echoed out on inc/nxs_class_snap.php by supplying the appropriate value 'nxssnap-post' to load the page in $_GET['page'] along with malicious JavaScript in $_POST['page']. | |||||
| CVE-2021-38355 | 1 Bug Library Project | 1 Bug Library | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the ~/bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3. | |||||
| CVE-2021-38354 | 1 Gnu-mailman Integration Project | 1 Gnu-mailman Integration | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The GNU-Mailman Integration WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the gm_error parameter found in the ~/includes/admin/mailing-lists-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.6. | |||||
| CVE-2021-38353 | 1 Webodid | 1 Dropdown And Scrollable Text | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Dropdown and scrollable Text WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the content parameter found in the ~/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0. | |||||
| CVE-2021-38352 | 1 Feedify | 1 Web Push Notifications | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Feedify – Web Push Notifications WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the feedify_msg parameter found in the ~/includes/base.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.8. | |||||
| CVE-2021-38351 | 1 Outsidesource | 1 Osd Subscribe | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The OSD Subscribe WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the osd_subscribe_message parameter found in the ~/options/osd_subscribe_options_subscribers.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.3. | |||||
| CVE-2021-38350 | 1 Spideranalyse Project | 1 Spideranalyse | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The spideranalyse WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the date parameter found in the ~/analyse/index.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.1. | |||||
| CVE-2021-38349 | 1 Techastha | 1 Integration Of Moneybird For Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error_description parameter found in the ~/templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1. | |||||
| CVE-2021-38348 | 1 Advance Search Project | 1 Advance Search | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Advance Search WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the wpas_id parameter found in the ~/inc/admin/views/html-advance-search-admin-options.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1.2. | |||||
| CVE-2021-38347 | 1 Custom Website Data Project | 1 Custom Website Data | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Custom Website Data WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter found in the ~/views/edit.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.2. | |||||
| CVE-2021-38346 | 1 Brizy | 1 Brizy-page Builder | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| The Brizy Page Builder plugin <= 2.3.11 for WordPress allowed authenticated users to upload executable files to a location of their choice using the brizy_create_block_screenshot AJAX action. The file would be named using the id parameter, which could be prepended with "../" to perform directory traversal, and the file contents were populated via the ibsf parameter, which would be base64-decoded and written to the file. While the plugin added a .jpg extension to all uploaded filenames, a double extension attack was still possible, e.g. a file named shell.php would be saved as shell.php.jpg, and would be executable on a number of common configurations. | |||||
| CVE-2021-38345 | 1 Brizy | 1 Brizy-page Builder | 2024-11-21 | 4.0 MEDIUM | 7.1 HIGH |
| The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. An identical issue was found by another researcher in Brizy <= 1.0.125 and fixed in version 1.0.126, but the vulnerability was reintroduced in version 1.0.127. | |||||
| CVE-2021-38344 | 1 Brizy | 1 Brizy-page Builder | 2024-11-21 | 3.5 LOW | 6.4 MEDIUM |
| The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as subscribers. It was possible to add malicious JavaScript to a page by modifying the request sent to update the page via the brizy_update_item AJAX action and adding JavaScript to the data parameter, which would be executed in the session of any visitor viewing or previewing the post or page. | |||||
