Total: 37395 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-34656 | 1 Videowhisper | 1 2way Videocalls And Random Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The 2Way VideoCalls and Random Chat - HTML5 Webcam Videochat WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `vws_notice` function found in the ~/inc/requirements.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 5.2.7. | |||||
CVE-2021-34655 | 1 Wp Songbook Project | 1 Wp Songbook | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Songbook WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the url parameter found in the ~/inc/class.ajax.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.11. | |||||
CVE-2021-34654 | 1 Custom Post Type Relations Project | 1 Custom Post Type Relations | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Custom Post Type Relations WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the cptr[name] parameter found in the ~/pages/admin-page.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0. | |||||
CVE-2021-34653 | 1 Wp Fountain Project | 1 Wp Fountain | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The WP Fountain WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/wp-fountain.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.5.9. | |||||
CVE-2021-34652 | 1 Meowapps | 1 Media Usage | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Media Usage WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the id parameter in the ~/mmu_admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.0.4. | |||||
CVE-2021-34651 | 1 Scribblemaps | 1 Scribble Maps | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Scribble Maps WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the map parameter in the ~/includes/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2. | |||||
CVE-2021-34650 | 1 Eideasy | 1 Eid Easy | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6. | |||||
CVE-2021-34649 | 1 Simple-behace-portfolio Project | 1 Simple-behace-portfolio | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Simple Behance Portfolio WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the `dark` parameter in the ~/titan-framework/iframe-font-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 0.2. | |||||
CVE-2021-34644 | 1 Multiplayer-plugin Project | 1 Multiplayer-plugin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Multiplayer Games WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/multiplayergames.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.7. | |||||
CVE-2021-34643 | 1 Skaut-bazar Project | 1 Skaut-bazar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Skaut bazar WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/skaut-bazar.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.3.2. | |||||
CVE-2021-34642 | 1 Followistic | 1 Smart Email Alerts | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Smart Email Alerts WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the api_key in the ~/views/settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.10. | |||||
CVE-2021-34641 | 1 Seopress | 1 Seopress | 2024-11-21 | 3.5 LOW | 6.4 MEDIUM |
The SEOPress WordPress plugin is vulnerable to Stored Cross-Site-Scripting via the processPut function found in the ~/src/Actions/Api/TitleDescriptionMeta.php file which allows authenticated attackers to inject arbitrary web scripts, in versions 5.0.0 - 5.0.3. | |||||
CVE-2021-34640 | 1 Securimage-wp-fixed Project | 1 Securimage-wp-fixed | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Securimage-WP-Fixed WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to the use of $_SERVER['PHP_SELF'] in the ~/securimage-wp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.5.4. | |||||
CVE-2021-34635 | 1 Ays-pro | 1 Poll Maker | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the mcount parameter found in the ~/admin/partials/settings/poll-maker-settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.8. | |||||
CVE-2021-34630 | 1 Gtranslate | 1 Gtranslate | 2024-11-21 | 4.3 MEDIUM | 5.0 MEDIUM |
In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtranslate_request_uri_var function runs at the top of all pages and echoes out the contents of $_SERVER['REQUEST_URI']. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below, or in cases where an attacker is able to modify the request en route between the client and the server, or in cases where the user is using an atypical browsing solution. | |||||
CVE-2021-34625 | 1 Wp-upload-restriction Project | 1 Wp-upload-restriction | 2024-11-21 | 3.5 LOW | 6.4 MEDIUM |
A vulnerability in the saveCustomType function of the WP Upload Restriction WordPress plugin allows low-level authenticated users to inject arbitrary web scripts. This issue affects versions 2.2.3 and prior. | |||||
CVE-2021-34617 | 1 Aruba | 1 Aruba Instant | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A remote cross-site scripting (XSS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.13 and below; Aruba Instant 6.5.x: 6.5.4.13 and below; Aruba Instant 8.3.x: 8.3.0.7 and below; Aruba Instant 8.4.x: 8.4.0.5 and below; Aruba Instant 8.5.x: 8.5.0.0 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | |||||
CVE-2021-34590 | 1 Bender | 4 Cc612, Cc612 Firmware, Cc613 and 1 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Bender/ebee Charge Controllers in multiple versions are prone to Cross-site Scripting. An authenticated attacker could write HTML code into configuration values. These values are not properly escaped when displayed. | |||||
CVE-2021-34582 | 1 Phoenixcontact | 4 Fl Mguard 1102, Fl Mguard 1102 Firmware, Fl Mguard 1105 and 1 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
In Phoenix Contact FL MGUARD 1102 and 1105 in Versions 1.4.0, 1.4.1 and 1.5.0 a user with high privileges can inject HTML code (XSS) through web-based management or the REST API with a manipulated certificate file. | |||||
CVE-2021-34562 | 1 Pepperl-fuchs | 4 Wha-gw-f2d2-0-as-z2-eth, Wha-gw-f2d2-0-as-z2-eth.eip, Wha-gw-f2d2-0-as-z2-eth.eip Firmware and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
In PEPPERL+FUCHS WirelessHART-Gateway 3.0.8 it is possible to inject arbitrary JavaScript into the application's response. |