Skip to main content
CVE-2021-3485 MEDIUM POC This Month

An Improper Input Validation vulnerability in the Product Update feature of Bitdefender Endpoint Security Tools for Linux allows a man-in-the-middle attacker to abuse the DownloadFile function of the. Rated medium severity (CVSS 6.6), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

RCE Endpoint Security Tools
NVD
CVSS 3.1
6.6
EPSS
0.9%
CVE-2021-23387 MEDIUM POC PATCH This Month

The package trailing-slash before 2.0.1 are vulnerable to Open Redirect via the use of trailing double slashes in the URL when accessing the vulnerable endpoint (such as. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Open Redirect Trailing Slash
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-30083 MEDIUM POC This Month

An issue was discovered in Mediat 1.4.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Mediat
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-30082 MEDIUM POC This Month

An issue was discovered in Gris CMS v0.1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Gris Cms
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-25938 MEDIUM POC PATCH This Month

In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting (XSS), since there is no validation of the .zip file name and filtering of potential abusive characters which zip. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Arangodb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24305 MEDIUM POC This Month

The Target First WordPress Plugin v2.0, also previously known as Watcheezy, suffers from a critical unauthenticated stored XSS vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Watcheezy
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-24300 MEDIUM POC THREAT This Month

The slider import search feature of the PickPlugins Product Slider for WooCommerce WordPress plugin before 1.13.22 did not properly sanitised the keyword GET parameter, leading to reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Product Slider For Woocommerce
NVD WPScan Exploit-DB
CVSS 3.1
6.1
EPSS
10.6%
CVE-2021-24298 MEDIUM POC This Month

The method and share GET parameters of the Giveaway pages were not sanitised, validated or escaped before being output back in the pages, thus leading to reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Simple Giveaways
NVD WPScan
CVSS 3.1
6.1
EPSS
3.5%
CVE-2021-24297 MEDIUM POC This Month

The Goto WordPress theme before 2.1 did not properly sanitize the formvalue JSON POST parameter in its tl_filter AJAX action, leading to an unauthenticated Reflected Cross-site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Goto
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24294 MEDIUM POC This Month

The dsgvoaio_write_log AJAX action of the DSGVO All in one for WP WordPress plugin before 4.0 did not sanitise or escape some POST parameter submitted before outputting them in the Log page in the. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Dsgvo All In One For Wp
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-24308 MEDIUM POC This Month

The 'State' field of the Edit profile page of the LMS by LifterLMS - Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.1 is not properly sanitised when. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Lifterlms
NVD GitHub WPScan Exploit-DB
CVSS 3.1
5.4
EPSS
3.2%
CVE-2021-24306 MEDIUM POC This Month

The Ultimate Member - User Profile, User Registration, Login & Membership Plugin WordPress plugin before 2.1.20 did not properly sanitise, validate or encode the query string when generating a link. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Ultimate Member
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24302 MEDIUM POC This Month

The Hana Flv Player WordPress plugin through 3.1.3 is vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) vulnerability within the 'Default Skin' field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Hana Flv Player
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24301 MEDIUM POC This Month

The Hotjar Connecticator WordPress plugin through 1.1.1 is vulnerable to Stored Cross-Site Scripting (XSS) in the 'hotjar script' textarea. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Hotjar Connecticator
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-33562 MEDIUM POC PATCH This Month

A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Shopizer
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
2.9%
CVE-2021-33561 MEDIUM POC PATCH This Month

A stored cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via customer_name in various forms of store administration. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Shopizer
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
2.9%
CVE-2021-24332 MEDIUM POC This Month

The Autoptimize WordPress plugin before 2.8.4 was missing proper escaping and sanitisation in some of its settings, allowing high privilege users to set XSS payloads in them, leading to stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Autoptimize
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24296 MEDIUM POC This Month

The WP Customer Reviews WordPress plugin before 3.5.6 did not sanitise some of its settings, allowing high privilege users such as administrators to set XSS payloads in them which will then be. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Customer Reviews
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-3559 MEDIUM PATCH This Month

A flaw was found in libvirt in the virConnectListAllNodeDevices API in versions before 7.0.0. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libvirt Ontap Select Deploy Administration Utility
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-21989 MEDIUM PATCH This Month

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Information Disclosure VMware Workstation +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-21988 MEDIUM PATCH This Month

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (JPEG2000 Parser). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Information Disclosure VMware Workstation +1
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-21987 MEDIUM PATCH This Month

VMware Workstation (16.x prior to 16.1.2) and Horizon Client for Windows (5.x prior to 5.5.2) contain out-of-bounds read vulnerability in the Cortado ThinPrint component (TTC Parser). Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow Microsoft Information Disclosure VMware Workstation +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-21001 MEDIUM This Month

On WAGO PFC200 devices in different firmware versions with special crafted packets an authorised attacker with network access to the device can access the file system with higher privileges. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal 750 823 Firmware 750 829 Firmware 750 831 Firmware 750 832 Firmware +23
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-20386 MEDIUM PATCH This Month

IBM Security Guardium 11.2 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Security Guardium
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-33496 MEDIUM PATCH This Month

Dutchcoders transfer.sh before 1.2.4 allows XSS via an inline view. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Transfer Sh
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-20725 MEDIUM This Month

Reflected cross-site scripting vulnerability in the admin page of [Calendar01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Calendar01
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20724 MEDIUM This Month

Reflected cross-site scripting vulnerability in the admin page of [Telop01] free edition ver1.0.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Telop01
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20723 MEDIUM This Month

Reflected cross-site scripting vulnerability in [MailForm01] free edition (versions which the last updated date listed at the top of descriptions in the program file is from 2014 December 12 to 2018. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mailform01
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-32624 MEDIUM This Month

Keystone 5 is an open source CMS platform to build Node.js applications. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable. No vendor patch available.

Node.js Oracle Information Disclosure Keystone 5
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-20428 MEDIUM PATCH This Month

IBM Security Guardium 11.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

IBM Information Disclosure Security Guardium
NVD
CVSS 3.1
5.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy