CVE-2021-24467
The Leaflet Map WordPress plugin before 3.0.0 does not verify the CSRF nonce when saving its settings, which allows attackers
CVE-2021-33328
Cross-site scripting (XSS) vulnerability in the Asset module’s edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP
CVE-2021-29105
A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Services Directory version 10.8.1 and below may allow a remote
CVE-2021-29103
A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able
CVE-2021-29104
A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated
CVE-2020-18668
Cross Site Scripting (XSS) vulnerabililty in WebPort <=1.19.1 via the description parameter to script/listcalls. (CVSS:0.0) (Last Update:2021-06-24)
CVE-2021-32713
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS in administration vulnerability.
CVE-2021-29953
A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another
CVE-2020-18671
Cross Site Scripting (XSS) vulnerability in Roundcube Mail <=1.4.4 via smtp config in /installer/test.php. (CVSS:0.0) (Last Update:2021-06-24)
CVE-2021-24369
In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form,
CVE-2021-24373
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET
CVE-2019-25047
Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad.
CVE-2021-24383
The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in
CVE-2021-28833
Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796. (CVSS:0.0) (Last Update:2021-06-21)
CVE-2021-24372
The WP Hardening – Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER[‘REQUEST_URI’] before
CVE-2020-21517
Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php. (CVSS:0.0) (Last Update:2021-06-21)
CVE-2021-34815
CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter. (CVSS:0.0) (Last Update:2021-06-18)
CVE-2021-27479
ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters
CVE-2021-1571
Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to
CVE-2021-3535
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console’s Filtered Asset Search feature. A specific
CVE-2021-21441
There is a XSS vulnerability in the ticket overview screens. It’s possible to collect various information by having an e-mail
CVE-2021-21667
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored
CVE-2021-21668
Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable
CVE-2020-35761
bloofoxCMS 0.5.2.1 is infected with XSS that allows remote attackers to execute arbitrary JS/HTML Code. (CVSS:0.0) (Last Update:2021-06-16)