Skip to main content
CVE-2019-8921 MEDIUM POC This Month

An issue was discovered in bluetoothd in BlueZ through 5.48. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Bluez Debian Linux
NVD VulDB
CVSS 3.1
6.5
EPSS
0.0%
CVE-2021-43787 MEDIUM POC PATCH This Month

Nodebb is an open source Node.js based forum software. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js Path Traversal XSS Nodebb
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-43692 MEDIUM POC This Month

youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Youtube Php Mirroring
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-43695 MEDIUM POC This Month

issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Pbx
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-43697 MEDIUM POC This Month

Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Redis PHP XSS Workerman Thinkphp Redis
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-43696 MEDIUM POC This Month

twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Twmap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-43698 MEDIUM POC This Month

phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Phpwhois
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-24908 MEDIUM POC This Month

The Check & Log Email WordPress plugin before 1.0.4 does not escape the d parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Check Log Email
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24876 MEDIUM POC This Month

The Registrations for the Events Calendar WordPress plugin before 2.7.5 does not escape the v parameter before outputting it back in an attribute, leading to a Reflected Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Registrations For The Events Calendar
NVD WPScan
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-24927 MEDIUM POC This Month

The My Calendar WordPress plugin before 3.2.18 does not sanitise and escape the callback parameter of the mc_post_lookup AJAX action (available to any authenticated user) before outputting it back in. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS My Calendar
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24918 MEDIUM POC This Month

The Smash Balloon Social Post Feed WordPress plugin before 4.0.1 did not have any privilege or nonce validation before saving the plugin's setting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Smash Balloon Social Post Feed
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24842 MEDIUM POC This Month

The Bulk Datetime Change WordPress plugin before 1.12 does not enforce capability checks which allows users with Contributor roles to 1) list private post titles of other users and 2) change the. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Bulk Datetime Change
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24822 MEDIUM POC This Month

The Stylish Cost Calculator WordPress plugin before 7.0.4 does not have any authorisation and CSRF checks on some of its AJAX actions (available to authenticated users), which could allow any. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Stylish Cost Calculator
NVD WPScan
CVSS 3.1
5.4
EPSS
0.3%
CVE-2021-24751 MEDIUM POC This Month

The GenerateBlocks WordPress plugin before 1.4.0 does not validate the generateblocks/container block's tagName attribute, which could allow users with a role as low as contributor to perform. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Generateblocks
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24745 MEDIUM POC This Month

The About Author Box WordPress plugin before 1.0.2 does not sanitise and escape the Social Profiles field values before outputting them in attributes, which could allow user with a role as low as. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS About Author Box
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-21707 MEDIUM POC PATCH THREAT This Month

In PHP versions 7.3.x below 7.3.33, 7.4.x below 7.4.26 and 8.0.x below 8.0.13, certain XML parsing functions, like simplexml_load_file(), URL-decode the filename passed to them. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

PHP Information Disclosure Clustered Data Ontap Debian Linux Tenable Sc
NVD
CVSS 3.1
5.3
EPSS
26.0%
CVE-2021-43788 MEDIUM POC PATCH THREAT This Month

Nodebb is an open source Node.js based forum software. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js Path Traversal Nodebb
NVD GitHub
CVSS 3.1
5.0
EPSS
25.8%
CVE-2021-24899 MEDIUM POC This Month

The Media-Tags WordPress plugin through 3.2.0.2 does not sanitise and escape any of its Labels settings, which could allow high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Media Tags
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24811 MEDIUM POC This Month

The Shop Page WP WordPress plugin before 1.2.8 does not sanitise and escape some of the Product fields, allowing high privilege users to perform Cross-Site Scripting attacks even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Shop Page Wp
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24768 MEDIUM POC This Month

The WP RSS Aggregator WordPress plugin before 4.19.2 does not properly sanitise and escape the URL to Blacklist field, allowing malicious HTML to be inserted by high privilege users even when the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Rss Aggregator
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-24749 MEDIUM POC This Month

The URL Shortify WordPress plugin before 1.5.1 does not have CSRF check in place when bulk-deleting links or groups, which could allow attackers to make a logged in admin delete arbitrary link and. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Url Shortify
NVD WPScan
CVSS 3.1
4.3
EPSS
0.4%
CVE-2021-3802 MEDIUM POC PATCH This Month

A vulnerability found in udisks2. Rated medium severity (CVSS 4.2), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Udisks Fedora Enterprise Linux
NVD
CVSS 3.1
4.2
EPSS
0.8%
CVE-2021-39995 MEDIUM This Month

Some Huawei products use the OpenHpi software for hardware management. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Huawei Denial Of Service Information Disclosure Ecns280 Td Firmware +1
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-44201 MEDIUM PATCH This Month

Cross-site scripting (XSS) was possible in notification pop-ups. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Microsoft XSS Cyber Protect
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-44199 MEDIUM PATCH This Month

DLL hijacking could lead to denial of service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Microsoft Denial Of Service Agent Cyber Protect Cyber Protect Home Office
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-44203 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) was possible in protection plan details. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft XSS Cyber Protect
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-44202 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) was possible in activity details. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft XSS Cyber Protect
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-44200 MEDIUM PATCH This Month

Self cross-site scripting (XSS) was possible on devices page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Microsoft XSS Cyber Protect
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-24883 MEDIUM This Month

The Popup Anything WordPress plugin before 2.0.4 does not escape the Link Text and Button Text fields of Popup, which could allow users with a role as low as Contributor to perform Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Popup Anything
NVD WPScan
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-32061 MEDIUM PATCH This Month

S3Scanner before 2.0.2 allows Directory Traversal via a crafted bucket, as demonstrated by a <Key>../ substring in a ListBucketResult element. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal S3Scanner
NVD GitHub
CVSS 3.1
5.3
EPSS
1.6%
CVE-2021-42365 MEDIUM PATCH This Month

The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

WordPress XSS PHP Asgaros Forum
NVD
CVSS 3.1
4.8
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy