CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

NVD•added 2021/11/29 7:15 p.m.•8 views

CVE-2021-42358

The Contact Form With Captcha WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the /cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 1.6.2...

8.8CVSS0.00109EPSS

CVE•added 2021/11/29 6:10 p.m.•33 views

CVE-2021-42364

The CVE-2021-42364 entry maps to the WordPress Stetic plugin vulnerability, where Cross-Site Request Forgery arises from missing nonce validation in the stats_page function of stetic.php. Affected versions are up to 1.0.6, enabling attackers to inject arbitrary web scripts (Stored XSS). Several c...

8.8CVSS8.7AI score0.00109EPSS

Exploits0References2Affected Software1

WPVulnDB•added 2021/11/29 12:0 a.m.•17 views

Contact Form With Captcha <= 1.6.2 - CSRF to Stored Cross-Site Scripting

The plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation in the /cfwc-form.php file during contact form submission, which made it possible for attackers to inject arbitrary web scripts...

8.8CVSS3.4AI score0.00109EPSS

WPVulnDB•added 2021/11/29 12:0 a.m.•16 views

Asgaros Forums < 1.15.14 - Admin+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the /admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects multi-site installations wher...

4.8CVSS5AI score0.00619EPSS

WPVulnDB•added 2021/11/29 12:0 a.m.•14 views

Stetic < 1.0.9 - CSRF to Stored Cross-Site Scripting

The plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the statspage function found in the /stetic.php file, which made it possible for attackers to inject arbitrary web scripts. The CSRF issue has been fixed in 1.0.7, while sanitisation and escaping have been...

8.8CVSS4.1AI score0.00109EPSS

NVD•added 2021/11/22 11:15 p.m.•7 views

CVE-2020-22719

Shimo Document v2.0.1 contains a cross-site scripting XSS vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the table content text field...

5.4CVSS0.00206EPSS

Prion•added 2021/11/22 11:15 p.m.•14 views

Cross site scripting

3.5CVSS5.3AI score0.00206EPSS

Prion•added 2021/11/19 4:15 p.m.•14 views

Cross site scripting

The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the searchorder parameter found in the /views/form.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.6.8...

4.3CVSS6AI score0.00346EPSS

Exploits3References3Affected Software1

Vulnrichment•added 2021/11/19 3:35 p.m.•7 views

CVE-2021-42363 Preview E-Mails for WooCommerce <= 1.6.8 Reflected Cross-Site Scripting

6.1CVSS6.2AI score0.00346EPSS

Exploits3References3

Cvelist•added 2021/11/19 3:34 p.m.•12 views

CVE-2021-39353 Easy Registration Forms <= 2.1.1 Cross-Site Request Forgery to Stored Cross-Site Scripting

The Easy Registration Forms WordPress plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajaxaddform function found in the /includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including...

8.8CVSS8.8AI score0.00086EPSS

WPVulnDB•added 2021/11/18 12:0 a.m.•19 views

Easy Registration Forms <= 2.1.1 - CSRF to Stored Cross-Site Scripting

The plugin is vulnerable to Cross-Site Request Forgery due to missing nonce validation via the ajaxaddform function found in the /includes/class-form.php file which made it possible for attackers to inject arbitrary web scripts in versions up to, and including 2.1.1...

8.8CVSS8.4AI score0.00086EPSS

Prion•added 2021/11/17 7:15 p.m.•15 views

Cross site scripting

The Contact Form Email WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the name parameter found in the /trunk/cp-admin-int-list.inc.php file which allowed attackers with administrative user access to inject arbitrary web scripts,...

2.1CVSS4.8AI score0.00445EPSS

Exploits0References2Affected Software1

Vulnrichment•added 2021/11/17 6:27 p.m.•10 views

CVE-2021-42361 Contact Form Email <= 1.3.24 Authenticated Stored Cross-Site Scripting

4.8CVSS5.8AI score0.00445EPSS

NVD•added 2021/11/16 7:15 p.m.•5 views

CVE-2020-21639

Ruijie RG-UAC 6000-E50 commit 9071227 was discovered to contain a cross-site scripting XSS vulnerability via the rulename parameter. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload...

6.1CVSS0.0024EPSS

Prion•added 2021/11/16 7:15 p.m.•14 views

Cross site scripting

4.3CVSS6AI score0.0024EPSS

Cvelist•added 2021/11/16 6:6 p.m.•10 views

CVE-2020-21639

6AI score0.0024EPSS