| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in afzal_du Reactive Mortgage Calculator reactive-mortgage-calculator allows Stored XSS.This issue affects Reactive Mortgage Calculator: from n/a through <= 1.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in Mike spam-stopper spam-stopper allows Stored XSS.This issue affects spam-stopper: from n/a through <= 3.1.3. |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Alex Zaytseff Multi CryptoCurrency Payments multi-crypto-currency-payment allows SQL Injection.This issue affects Multi CryptoCurrency Payments: from n/a through <= 2.0.7. |
| An Improper Input Validation in EdgeMAX EdgeSwitch (Version 1.11.0 and earlier) could allow a Command Injection by a malicious actor with access to EdgeSwitch adjacent network.
Affected Products:
EdgeMAX EdgeSwitch (Version 1.11.0 and earlier)
Mitigation:
Update the EdgeMAX EdgeSwitch to Version 1.11.1 or later. |
| Cross-Site Request Forgery (CSRF) vulnerability in filipstepanov Phee's LinkPreview linkpreview allows Cross Site Request Forgery.This issue affects Phee's LinkPreview: from n/a through <= 1.6.7. |
| Cross-Site Request Forgery (CSRF) vulnerability in Jayesh Parejiya Social Media Links social-media-links allows Stored XSS.This issue affects Social Media Links: from n/a through <= 1.0.3. |
| The CS5000 Fire Panel is vulnerable due to a default account that exists
on the panel. Even though it is possible to change this by SSHing into
the device, it has remained unchanged on every installed system
observed. This account is not root but holds high-level permissions that
could severely impact the device's operation if exploited. |
| Missing Authorization vulnerability in Crypto Cloud CryptoCloud - Crypto Payment Gateway cryptocloud-crypto-payment-gateway allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CryptoCloud - Crypto Payment Gateway: from n/a through <= 2.1.2. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Deetronix Booking Ultra Pro booking-ultra-pro allows Reflected XSS.This issue affects Booking Ultra Pro: from n/a through <= 1.1.19. |
| Cross-Site Request Forgery (CSRF) vulnerability in Mustafa KUCUK WP Sticky Side Buttons wp-sticky-side-buttons allows Stored XSS.This issue affects WP Sticky Side Buttons: from n/a through <= 2.1. |
| Cross-Site Request Forgery (CSRF) vulnerability in Jenst Add to Header add-to-header allows Stored XSS.This issue affects Add to Header: from n/a through <= 1.0. |
| Unencrypted storage in the database in Two App Studio Journey v5.5.9 for iOS allows local attackers to extract sensitive data via direct access to the app’s filesystem. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gerrygooner Rebuild Permalinks rebuild-permalinks allows Reflected XSS.This issue affects Rebuild Permalinks: from n/a through <= 1.6. |
| Cross-Site Request Forgery (CSRF) vulnerability in pixelgrade Style Manager style-manager allows Cross Site Request Forgery.This issue affects Style Manager: from n/a through <= 2.2.7. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in antonchanning bbPress2 shortcode whitelist bbpress2-shortcode-whitelist allows Stored XSS.This issue affects bbPress2 shortcode whitelist: from n/a through <= 2.2.1. |
| A local, low-privileged attacker can learn the password of the connected controller in PLC Designer V4 due to an incorrect implementation that results in the password being displayed in plain text under special conditions. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Daniel WP Social SEO Booster – Knowledge Graph Social Signals SEO wp-social-seo-booster allows Stored XSS.This issue affects WP Social SEO Booster – Knowledge Graph Social Signals SEO: from n/a through <= 1.2.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nurelm Get Posts nurelm-get-posts allows Stored XSS.This issue affects Get Posts: from n/a through <= 0.6. |
| Unrestricted Upload of File with Dangerous Type vulnerability in aidraw I Draw idraw allows Using Malicious Files.This issue affects I Draw: from n/a through <= 1.0. |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ExpertBusinessSearch Local Search SEO Contact Page local-search-seo-contact-page allows Stored XSS.This issue affects Local Search SEO Contact Page: from n/a through <= 4.0.1. |
