Skip to main content
CVE-2021-32276 MEDIUM POC This Month

An issue was discovered in faad2 through 2.10.0. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Faad2 Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-32275 MEDIUM POC This Month

An issue was discovered in faust through v2.30.5. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Faust
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-32270 MEDIUM POC This Month

An issue was discovered in gpac through 20200801. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-32269 MEDIUM POC This Month

An issue was discovered in gpac through 20200801. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Gpac
NVD GitHub
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-24640 MEDIUM POC This Month

The WordPress Slider Block Gutenslider plugin before 5.2.0 does not escape the minWidth attribute of a Gutenburg block, which could allow users with a role as low as contributor to perform Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Gutenslider
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24637 MEDIUM POC This Month

The Google Fonts Typography WordPress plugin before 3.0.3 does not escape and sanitise some of its block settings, allowing users with as role as low as Contributor to perform Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS Fonts
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24635 MEDIUM POC This Month

The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass Visual Link Preview
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24618 MEDIUM POC This Month

The Donate With QRCode WordPress plugin before 1.4.5 does not sanitise or escape its QRCode Image setting, which result into a Stored Cross-Site Scripting (XSS). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Donate With Qrcode
NVD WPScan
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-24597 MEDIUM POC This Month

The You Shang WordPress plugin through 1.0.1 does not escape its qrcode links settings, which result into Stored Cross-Site Scripting issues in frontend posts and the plugins settings page depending. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS You Shang
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24587 MEDIUM POC This Month

The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Splash Header
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24584 MEDIUM POC This Month

The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when updating a timeslot, allowing any user with the edit_posts capability (contributor+) to update. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Timetable And Event Schedule
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-24582 MEDIUM POC This Month

The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Thinktwit
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24525 MEDIUM POC This Month

The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Shortcodes Ultimate
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24613 MEDIUM POC This Month

The Post Views Counter WordPress plugin before 1.3.5 does not sanitise or escape its Post Views Label settings, which could allow high privilege users to perform Cross-Site Scripting attacks in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Post Views Counter
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24609 MEDIUM POC This Month

The WP Mapa Politico Espana WordPress plugin before 3.7.0 does not sanitise or escape some of its settings before outputting them in attributes, allowing high privilege users to perform Cross-Site. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Mapa Politico Espana
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24604 MEDIUM POC This Month

The Availability Calendar WordPress plugin before 1.2.2 does not sanitise or escape its Category Names before outputting them in page/post where the associated shortcode is embed, allowing high. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Availability Calendar
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24600 MEDIUM POC This Month

The WP Dialog WordPress plugin through 1.2.5.5 does not sanitise and escape some of its settings before outputting them in pages, allowing high privilege users to perform Cross-Site Scripting attacks. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Dialog
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24596 MEDIUM POC This Month

The youForms for WordPress plugin through 1.0.5 does not sanitise escape the Button Text field of its Templates, allowing high privilege users (editors and admins) to perform Cross-Site Scripting. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Youforms Free For Copecart
NVD WPScan
CVSS 3.1
4.8
EPSS
2.7%
CVE-2021-24530 MEDIUM POC This Month

The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Alojapro Widget
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24583 MEDIUM POC This Month

The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass Timetable And Event Schedule
NVD WPScan
CVSS 3.1
4.3
EPSS
1.6%
CVE-2021-29856 MEDIUM PATCH This Month

IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 could allow an authenticated usre to cause a denial of service through the WebGUI Map Creation page. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

IBM Denial Of Service Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-34650 MEDIUM PATCH This Month

The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS PHP Eid Easy
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-39325 MEDIUM PATCH This Month

The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS PHP Optinmonster
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-29821 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29820 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29819 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29818 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29817 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29809 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29808 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29807 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29806 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29811 MEDIUM PATCH This Month

IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 stores user credentials in plain clear text which can be read by an authenticated admin user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Insufficiently Protected Credentials vulnerability could allow attackers to obtain user credentials due to weak protection mechanisms.

IBM Information Disclosure Tivoli Netcool Omnibus Webgui
NVD
CVSS 3.1
4.9
EPSS
0.9%
CVE-2021-38899 MEDIUM PATCH This Month

IBM Cloud Pak for Data 2.5 could allow a local user with special privileges to obtain highly sensitive information. Rated medium severity (CVSS 4.4), this vulnerability is low attack complexity.

IBM Information Disclosure Cloud Pak For Data
NVD
CVSS 3.1
4.4
EPSS
0.3%
CVE-2020-8561 MEDIUM This Month

A security issue was discovered in Kubernetes where actors that control the responses of MutatingWebhookConfiguration or ValidatingWebhookConfiguration requests are able to redirect kube-apiserver. Rated medium severity (CVSS 4.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Kubernetes
NVD GitHub VulDB
CVSS 3.1
4.1
EPSS
0.2%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy