Export limit exceeded: 44633 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44633 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-24152 | 1 Sygnoos | 1 Popup Builder | 2024-11-21 | 6.1 Medium |
| The "All Subscribers" setting page of Popup Builder was vulnerable to reflected Cross-Site Scripting. | ||||
| CVE-2021-24147 | 1 Webnus | 1 Modern Events Calendar Lite | 2024-11-21 | 5.4 Medium |
| Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the mic_comment field (Notes on time) when adding/editing an event, allowing users with privilege as low as author to add events with a Cross-Site Scripting payload in them, which will be triggered in the frontend when viewing the event. | ||||
| CVE-2021-24136 | 1 Axelerant | 1 Testimonials Widget | 2024-11-21 | 5.4 Medium |
| Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to inject arbitrary JavaScript code or HTML via the below parameters: - Author - Job Title - Location - Company - Email - URL | ||||
| CVE-2021-24135 | 1 Gowebsolutions | 1 Wp Customer Reviews | 2024-11-21 | 6.1 Medium |
| Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote attackers to inject arbitrary JavaScript code or HTML. | ||||
| CVE-2021-24134 | 1 Constantcontact | 1 Constant Contact Forms | 2024-11-21 | 4.8 Medium |
| Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed high-privileged user (Editor+) to inject arbitrary JavaScript code or HTML in posts where the malicious form is embed. | ||||
| CVE-2021-24129 | 1 Themify | 1 Portfolio Post | 2024-11-21 | 5.4 Medium |
| Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged users (Contributor+) to inject arbitrary JavaScript code or HTML in posts where the Themify Custom Panel is embedded, which could lead to privilege escalation. | ||||
| CVE-2021-24128 | 1 Wpdarko | 1 Team Members | 2024-11-21 | 5.4 Medium |
| Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated attacker (contributor+) to inject arbitrary web script or HTML via the 'Description/biography' of a member. | ||||
| CVE-2021-24127 | 1 Caseproof | 1 Thirstyaffiliates Affiliate Link Manager | 2024-11-21 | 5.4 Medium |
| Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting (XSS), which could lead to privilege escalation. | ||||
| CVE-2021-24126 | 1 Enviragallery | 1 Envira Gallery | 2024-11-21 | 5.4 Medium |
| Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation. | ||||
| CVE-2021-24124 | 1 Terryl | 1 Wp Shieldon | 2024-11-21 | 6.1 Medium |
| Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown could lead to privileged escalation. | ||||
| CVE-2021-24021 | 1 Fortinet | 1 Fortianalyzer | 2024-11-21 | 4.3 Medium |
| An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other, hypothetical attacks. | ||||
| CVE-2021-24014 | 1 Fortinet | 1 Fortisandbox | 2024-11-21 | 5.4 Medium |
| Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters. | ||||
| CVE-2021-24005 | 1 Fortinet | 1 Fortiauthenticator | 2024-11-21 | 4 Medium |
| Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key. | ||||
| CVE-2021-23959 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.1 Medium |
| An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. | ||||
| CVE-2021-23936 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.4 allows XSS via the subject of a task. | ||||
| CVE-2021-23935 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code. | ||||
| CVE-2021-23934 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code. | ||||
| CVE-2021-23933 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL. | ||||
| CVE-2021-23932 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename. | ||||
| CVE-2021-23931 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.4 allows XSS via an inline binary file. | ||||