| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Certain NETGEAR devices are affected by stored XSS. This affects D6100 before 1.0.0.57, DM200 before 1.0.0.50, EX2700 before 1.0.1.32, EX6100v2 before 1.0.1.70, EX6150v2 before 1.0.1.70, EX6200v2 before 1.0.1.62, EX6400 before 1.0.1.78, EX7300 before 1.0.1.78, EX8000 before 1.0.0.114, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7800 before 1.0.2.42, R8900 before 1.0.3.10, R9000 before 1.0.3.10, WN2000RPTv3 before 1.0.1.26, WN3000RPv3 before 1.0.2.66, WN3100RPv2 before 1.0.0.42, WNDR3700v4 before 1.0.2.96, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. |
| Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.4.2, R9000 before 1.0.3.16, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64. |
| Certain NETGEAR devices are affected by a hardcoded password. This affects D3600 before 1.0.0.76 and D6000 before 1.0.0.76. |
| Certain NETGEAR devices are affected by stored XSS. This affects SRR60 before 2.2.1.210 and SRS60 before 2.2.1.210. |
| Jupyter Notebook before 5.5.0 does not use a CSP header to treat served files as belonging to a separate origin. Thus, for example, an XSS payload can be placed in an SVG document. |
| The buddyboss-media plugin through 3.2.3 for WordPress has stored XSS. |
| The cf7-invisible-recaptcha plugin before 1.3.2 for WordPress has XSS. |
| The anycomment plugin before 0.0.33 for WordPress has XSS. |
| The advanced-custom-fields (aka Elliot Condon Advanced Custom Fields) plugin before 5.7.8 for WordPress has XSS by authors. |
| The wp-retina-2x plugin before 5.2.3 for WordPress has XSS. |
| The media-library-assistant plugin before 2.74 for WordPress has XSS via the Media/Assistant or Settings/Media Library assistant admin submenu screens. |
| The wp-all-import plugin before 3.4.7 for WordPress has XSS. |
| Fat Free CRM before 0.18.1 has XSS in the tags_helper in app/helpers/tags_helper.rb. |
| The pdf-print plugin before 2.0.3 for WordPress has multiple XSS issues. |
| The woocommerce-jetpack plugin before 3.8.0 for WordPress has XSS in the Products Per Page feature. |
| The ultimate-member plugin before 2.0.4 for WordPress has XSS. |
| The contact-form-to-email plugin before 1.2.66 for WordPress has XSS. |
| The Backpack\CRUD Backpack component before 3.4.9 for Laravel allows XSS via the select field type. |
| Swann SWWHD-INTCAM-HD devices have the twipc root password, leading to FTP access as root. NOTE: all affected customers were migrated by 2020-08-31. |
| cPanel before 68.0.27 allows self XSS in the WHM listips interface (SEC-389). |
