5207 matches found
CVE-2020-23037
Portable Ltd Playable v9.18 contains a code injection vulnerability in the filename parameter, which allows attackers to execute arbitrary web scripts or HTML via a crafted POST request...
CVE-2020-23042
CVE-2020-23042 affects Dropouts Technologies LLP Super Backup v2.0.5. The vulnerability is a cross-site scripting (XSS) flaw in the path parameter of the list and download modules, enabling attackers to execute arbitrary web scripts or HTML via a crafted GET request. The issue is due to unsafely ...
CVE-2020-23054
A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent input field...
CVE-2020-28955
SugarCRM v6.5.18 was discovered to contain a cross-site scripting (XSS) vulnerability in the Create Employee module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the First Name or Last Name input fields...
CVE-2020-28957
Multiple cross-site scripting (XSS) vulnerabilities in the Customer Add module of Foxlor v0.10.16 allow attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the name, firstname, or username input fields...
CVE-2020-36498
Macrob7 Macs Framework Content Management System - 1.14f contains a cross-site scripting (XSS) vulnerability in the account reset function, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the e-mail input field...
CVE-2020-36499
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain a cross-site scripting (XSS) vulnerability in the content parameter of the Rubric Block Add module. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the rubric name value...
CVE-2020-36501
Multiple cross-site scripting (XSS) vulnerabilities in the Support module of SugarCRM v6.5.18 allow attackers to execute arbitrary web scripts or HTML via crafted payloads entered into the primary address state or alternate address state input fields...
CVE-2021-39328
The Simple Job Board WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping on the $jobboardprivacypolicylabel variable echoed out via the /admin/settings/class-simple-job-board-settings-privacy.php file which allowed attackers with administrative user access t...
CVE-2021-39354 Easy Digital Downloads <= 2.11.2 Authenticated Reflected Cross-Site Scripting
The Easy Digital Downloads WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the $startdate and $enddate parameters found in the /includes/admin/payments/class-payments-table.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.11.2...
CVE-2021-39357 Leaky Paywall <= 4.16.5 Authenticated Stored Cross-Site Scripting
The Leaky Paywall WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the /class.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 4.16.5. This affec...
CVE-2021-39329
The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in...
CVE-2021-39355 Indeed Job Importer <= 1.0.5 Authenticated Stored Cross-Site Scripting
The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /indeed-job-importer/trunk/indeed-job-importer.php file which allowed attackers with administrative user access to inject...
CVE-2021-39343 MPL-Publisher – Self-publish your book & ebook <= 1.30.2 Authenticated Stored Cross-Site Scripting
The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in...
bugs cross-site scripting vulnerability
Bugs is a branch of the open-source Tinyissue defect tracking system by Alexandre Plennevaux, an individual developer from Belgium. install/index.php in bugs 1.8 and earlier versions is vulnerable to cross-site scripting, which can be exploited by remote attackers to inject arbitrary web scripts via...