Total
37524 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38327 | 1 Ueberhamm-design | 1 Youtube Video Inserter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The YouTube Video Inserter WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/adminUI/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2.1.0. | |||||
| CVE-2021-38326 | 1 Wpleet | 1 Post Title Counter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Post Title Counter WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the notice parameter found in the ~/post-title-counter.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1. | |||||
| CVE-2021-38325 | 1 User-activation-email Project | 1 User-activation-email | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The User Activation Email WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the uae-key parameter found in the ~/user-activation-email.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.0. | |||||
| CVE-2021-38323 | 1 30lines | 1 Rentpress | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The RentPress WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selections parameter found in the ~/src/rentPress/AjaxRequests.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.6.4. | |||||
| CVE-2021-38322 | 1 Twitter Friends Widget Project | 1 Twitter Friends Widget | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Twitter Friends Widget WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the pmc_TF_user and pmc_TF_password parameter found in the ~/twitter-friends-widget.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.1. | |||||
| CVE-2021-38321 | 1 Custom-sub-menus Project | 1 Custom-sub-menus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Custom Menu Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the selected_menu parameter found in the ~/custom-menus.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.3. | |||||
| CVE-2021-38320 | 1 Simplesamlphp Authentication Project | 1 Simplesamlphp Authentication | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The simpleSAMLphp Authentication WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/simplesamlphp-authentication.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.7.0. | |||||
| CVE-2021-38319 | 1 Windyroad | 1 More From Google | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The More From Google WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $_SERVER["PHP_SELF"] value in the ~/morefromgoogle.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.2. | |||||
| CVE-2021-38318 | 1 3d Cover Carousel Project | 1 3d Cover Carousel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The 3D Cover Carousel WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/cover-carousel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | |||||
| CVE-2021-38317 | 1 Kibokolabs | 1 Konnichiwa | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Konnichiwa! Membership WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the plan_id parameter in the ~/views/subscriptions.html.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.8.3. | |||||
| CVE-2021-38316 | 1 Wp Academic People List Project | 1 Wp Academic People List | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The WP Academic People List WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the category_name parameter in the ~/admin-panel.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.4.1. | |||||
| CVE-2021-38315 | 1 Smartypantsplugins | 1 Sp Project \& Document Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The SP Project & Document Manager WordPress plugin is vulnerable to attribute-based Reflected Cross-Site Scripting via the from and to parameters in the ~/functions.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.25. | |||||
| CVE-2021-38295 | 1 Apache | 1 Couchdb | 2024-11-21 | 6.0 MEDIUM | 7.3 HIGH |
| In Apache CouchDB, a malicious user with permission to create documents in a database is able to attach a HTML attachment to a document. If a CouchDB admin opens that attachment in a browser, e.g. via the CouchDB admin interface Fauxton, any JavaScript code embedded in that HTML attachment will be executed within the security context of that admin. A similar route is available with the already deprecated _show and _list functionality. This privilege escalation vulnerability allows an attacker to add or remove data in any database or make configuration changes. This issue affected Apache CouchDB prior to 3.1.2 | |||||
| CVE-2021-38269 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Gogo Shell module in Liferay Portal 7.1.0 through 7.3.6 and 7.4.0, and Liferay DXP 7.1 before fix pack 23, 7.2 before fix pack 13, and 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the output of a Gogo Shell command. | |||||
| CVE-2021-38267 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Blogs module's edit blog entry page in Liferay Portal 7.3.2 through 7.3.6, and Liferay DXP 7.3 before fix pack 2 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_blogs_web_portlet_BlogsAdminPortlet_title and _com_liferay_blogs_web_portlet_BlogsAdminPortlet_subtitle parameter. | |||||
| CVE-2021-38265 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allow remote attackers to inject arbitrary web script or HTML when creating a collection page via the _com_liferay_asset_list_web_portlet_AssetListPortlet_title parameter. | |||||
| CVE-2021-38264 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter. This issue is caused by an incomplete fix in CVE-2021-35463. | |||||
| CVE-2021-38263 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and 7.2 before fix pack 10 allows remote attackers to inject arbitrary web script or HTML via the output of a script. | |||||
| CVE-2021-38221 | 1 Bbs-go Project | 1 Bbs-go | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS. | |||||
| CVE-2021-38193 | 1 Ammonia Project | 1 Ammonia | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870. | |||||