CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

CNVD•added 2021/10/18 12:0 a.m.•13 views

LaraCms Cross-Site Scripting Vulnerability

LaraCms is a modern content management system in China. version 1.0.1 of LaraCMS contains a cross-site scripting vulnerability, which can be exploited by attackers to execute arbitrary web scripts or HTML via specially crafted loads in the page management module...

3.5CVSS4.2AI score0.00281EPSS

Exploits1Affected Software1

NVD•added 2021/10/15 1:15 p.m.•9 views

CVE-2021-39345

The HAL WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including...

5.5CVSS0.00598EPSS

NVD•added 2021/10/15 1:15 p.m.•8 views

CVE-2021-39337

The job-portal WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin/jobsfunction.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions ...

5.5CVSS0.00598EPSS

NVD•added 2021/10/15 1:15 p.m.•4 views

CVE-2021-39335

The WpGenius Job Listing WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /src/admin/class/class-wpgenious-job-listing-options.php file which allowed attackers with administrative user access to...

5.5CVSS0.00598EPSS

NVD•added 2021/10/15 1:15 p.m.•7 views

CVE-2021-39344

The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin/class-kjm-admin-notices-admin.php file which allowed attackers with administrative user access to inject arbitrary w...

5.5CVSS0.0083EPSS

Prion•added 2021/10/15 1:15 p.m.•7 views

Cross site scripting

The Author Bio Box WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /includes/admin/class-author-bio-box-admin.php file which allowed attackers with administrative user access to inject arbitrar...

2.1CVSS4.8AI score0.0132EPSS

Prion•added 2021/10/15 1:15 p.m.•8 views

Cross site scripting

2.1CVSS4.8AI score0.0083EPSS

Prion•added 2021/10/15 1:15 p.m.•11 views

Cross site scripting

The MyBB Cross-Poster WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts, i...

2.1CVSS4.8AI score0.00598EPSS

Prion•added 2021/10/15 1:15 p.m.•10 views

Cross site scripting

2.1CVSS4.8AI score0.00598EPSS

CVE•added 2021/10/15 12:15 p.m.•43 views

CVE-2021-39344

CVE-2021-39344: The KJM Admin Notices WordPress plugin (versions

5.5CVSS4.9AI score0.0083EPSS

Vulnrichment•added 2021/10/15 12:15 p.m.•6 views

CVE-2021-39338 MyBB Cross-Poster <= 1.0 Authenticated Stored Cross-Site Scripting

5.5CVSS5.2AI score0.00598EPSS

Cvelist•added 2021/10/15 12:15 p.m.•16 views

CVE-2021-39336 Job Manager <= 0.7.25 Authenticated Stored Cross-Site Scripting

The Job Manager WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /admin-jobs.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to a...

5.5CVSS5.4AI score0.00653EPSS

NVD•added 2021/10/14 3:15 p.m.•10 views

CVE-2020-19962

A stored cross-site scripting XSS vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts...

5.4CVSS0.00281EPSS

Exploits1References1

Prion•added 2021/10/14 3:15 p.m.•11 views

Cross site scripting

A stored cross-site scripting XSS vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts...

3.5CVSS5.3AI score0.00281EPSS

Cvelist•added 2021/10/14 2:17 p.m.•11 views

CVE-2020-19962

A stored cross-site scripting XSS vulnerability in the getClientIp function in /lib/tinwin.class.php of Chaoji CMS 2.39, allows attackers to execute arbitrary web scripts...

5.3AI score0.00281EPSS

Exploits1References1

WPVulnDB•added 2021/10/14 12:0 a.m.•23 views

MyBB Cross-Poster <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /classes/MyBBXPSettings.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects multi-site...

5.5CVSS4.8AI score0.00598EPSS

WPVulnDB•added 2021/10/14 12:0 a.m.•17 views

HAL < 2.2 - Admin+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the /wp-hal.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects multi-site installations where...

5.5CVSS4.2AI score0.00598EPSS

WPVulnDB•added 2021/10/14 12:0 a.m.•14 views

Job Board Vanila <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via the psjbexpin and the psjbcurrin parameters found in the /job-settings.php file which allowed attackers with administrative user access to inject arbitrary web scripts. This affects...

5.5CVSS4.4AI score0.00653EPSS