CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Vulnrichment•added 2021/09/20 8:16 p.m.•8 views

CVE-2021-34650 eID Easy <= 4.6 Reflected Cross-Site Scripting

5.4CVSS6.1AI score0.00191EPSS

Cvelist•added 2021/09/20 8:16 p.m.•11 views

CVE-2021-34650 eID Easy <= 4.6 Reflected Cross-Site Scripting

5.4CVSS6.2AI score0.00191EPSS

Prion•added 2021/09/20 8:15 p.m.•12 views

Cross site scripting

The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the loadpreviews function found in the /OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0...

4.3CVSS6.1AI score0.00186EPSS

Exploits0References2Affected Software1

Cvelist•added 2021/09/20 7:59 p.m.•10 views

CVE-2021-39325 OptinMonster <= 2.6.0 Reflected Cross-Site Scripting

6.1CVSS6.2AI score0.00186EPSS

WPVulnDB•added 2021/09/17 12:0 a.m.•16 views

eID Easy < 4.7 - Reflected Cross-Site Scripting

The plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the /admin.php file which allows attackers to inject arbitrary web scripts...

6.1CVSS4.7AI score0.00191EPSS

Exploits0References1Affected Software1

NVD•added 2021/09/10 2:15 p.m.•5 views

CVE-2021-38338

The Border Loading Bar WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the f and t parameter found in the /titan-framework/iframe-googlefont-preview.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.0.1...

CVE-2021-38340

The Wordpress Simple Shop WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the updaterow parameter found in the /includes/addproduct.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.2...

CVE-2021-38349

The Integration of Moneybird for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the errordescription parameter found in the /templates/wcmb-admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.1.1...

NVD•added 2021/09/10 2:15 p.m.•6 views

CVE-2021-38355

The Bug Library WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the successimportcount parameter found in the /bug-library.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.0.3...

CVE-2021-38330

The Yet Another bol.com Plugin WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /yabp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.4...

NVD•added 2021/09/10 2:15 p.m.•12 views

CVE-2021-38329

The DJ EmailPublish WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /dj-email-publish.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.7.2...

CVE-2021-38337

The RSVPMaker Excel WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to a reflected $SERVER"PHPSELF" value in the /phpexcel/PHPExcel/Shared/JAMA/docs/download.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.1...