Total
42416 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-47919 | 2 Simple-cms Project, Simplephpscripts | 3 Simple Cms, Simple Cms, Simple Cms Php | 2026-03-05 | 6.4 Medium |
| Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks. | ||||
| CVE-2021-47917 | 2 Simple-cms Project, Simplephpscripts | 3 Simple Cms, Simple Cms, Simple Cms Php | 2026-03-05 | 6.4 Medium |
| Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to session hijacking and application manipulation. | ||||
| CVE-2021-47914 | 1 Phpsugar | 1 Php Melody | 2026-03-05 | 6.4 Medium |
| PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, persistent phishing, and manipulation of application modules. | ||||
| CVE-2021-47913 | 1 Phpsugar | 1 Php Melody | 2026-03-05 | 6.4 Medium |
| PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation. | ||||
| CVE-2021-47912 | 1 Phpsugar | 1 Php Melody | 2026-03-05 | 6.4 Medium |
| PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions. | ||||
| CVE-2021-47911 | 2 Jdwebdesigner, Redefiningtheweb | 2 Affiliate Pro, Affiliate Pro | 2026-03-05 | 5.4 Medium |
| Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests. | ||||
| CVE-2021-47906 | 2 Bloofox, Bloofoxcms | 2 Bloofoxcms, Bloofoxcms | 2026-03-05 | 6.4 Medium |
| BloofoxCMS 0.5.2.1 contains a stored cross-site scripting vulnerability in the articles text parameter that allows authenticated attackers to inject malicious scripts. Attackers can insert malicious javascript payloads in the text field to execute scripts and potentially steal authenticated users' cookies. | ||||
| CVE-2021-47897 | 1 Peel | 1 Peel Shopping | 2026-03-05 | 7.2 High |
| PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the address parameter of the change_params.php script. Attackers can inject malicious JavaScript payloads that execute when users interact with the address text box, potentially enabling client-side script execution. | ||||
| CVE-2021-47892 | 1 Peel | 1 Peel Shopping | 2026-03-05 | 7.2 High |
| PEEL Shopping 9.3.0 contains a stored cross-site scripting vulnerability in the 'Comments / Special Instructions' parameter of the purchase page. Attackers can inject malicious JavaScript payloads that will execute when the page is refreshed, potentially allowing client-side script execution. | ||||
| CVE-2021-47873 | 1 Vestacp | 2 Control Panel, Vesta Control Panel | 2026-03-05 | 7.2 High |
| VestaCP versions prior to 0.9.8-25 contain a cross-site scripting vulnerability in the IP interface configuration that allows attackers to inject malicious scripts. Attackers can exploit the 'v_interface' parameter by sending a crafted POST request to the add/ip/ endpoint with a stored XSS payload. | ||||
| CVE-2021-47858 | 1 Genexis | 2 Platinum-4410, Platinum-4410 Firmware | 2026-03-05 | 7.2 High |
| Genexis Platinum-4410 P4410-V2-1.31A contains a stored cross-site scripting vulnerability in the 'start_addr' parameter of the Security Management interface. Attackers can inject malicious scripts through the start source address field that will persist and trigger for privileged users when they access the security management page. | ||||
| CVE-2021-47855 | 2 Litespeed Technologies, Litespeedtech | 2 Openlitespeed, Openlitespeed | 2026-03-05 | 7.2 High |
| Openlitespeed 1.7.9 contains a stored cross-site scripting vulnerability in the dashboard's Notes parameter that allows administrators to inject malicious scripts. Attackers can craft a payload in the Notes field during listener configuration that will execute when an administrator clicks on the Default Icon. | ||||
| CVE-2021-47844 | 1 Xmind | 1 Xmind | 2026-03-05 | 6.1 Medium |
| Xmind 2020 contains a cross-site scripting vulnerability that allows attackers to inject malicious payloads into mind mapping files or custom headers. Attackers can craft malicious files with embedded JavaScript that execute system commands when opened, enabling remote code execution through mouse interactions or file opening. | ||||
| CVE-2021-47843 | 2 Pabloandumundu, Tagstoo | 2 Tagstoo, Tagstoo | 2026-03-05 | 5.4 Medium |
| Tagstoo 2.0.1 contains a stored cross-site scripting vulnerability that allows attackers to inject malicious payloads through files or custom tags. Attackers can execute arbitrary JavaScript code to spawn system processes, access files, and perform remote code execution on the victim's computer. | ||||
| CVE-2021-47839 | 2 Marky Project, Vesparny | 2 Marky, Marky | 2026-03-05 | 7.2 High |
| Marky 0.0.1 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts into markdown files. Attackers can upload crafted markdown files with embedded JavaScript payloads that execute when the file is opened, potentially enabling remote code execution. | ||||
| CVE-2021-47837 | 2 Amitmerchant1990, Matthewwithanm | 2 Markdownify, Markdownify | 2026-03-05 | 7.2 High |
| Markdownify 1.2.0 contains a persistent cross-site scripting vulnerability that allows attackers to store malicious payloads within markdown files. Attackers can upload crafted markdown files with embedded scripts that execute when the file is opened, potentially enabling remote code execution. | ||||
| CVE-2021-47834 | 1 Schlix | 1 Cms | 2026-03-05 | 6.4 Medium |
| Schlix CMS 2.2.6-6 contains a persistent cross-site scripting vulnerability that allows authenticated users to inject malicious scripts into category titles. Attackers can create a new contact category with a script payload that will execute when the page is viewed by other users. | ||||
| CVE-2021-47817 | 2 Open-emr, Openemr | 2 Openemr, Openemr | 2026-03-05 | 5.4 Medium |
| OpenEMR 5.0.2.1 contains a cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript through user profile parameters. Attackers can exploit the vulnerability by crafting a malicious payload to download and execute a web shell, enabling remote command execution on the vulnerable OpenEMR instance. | ||||
| CVE-2021-47808 | 1 Cotonti | 1 Cotonti Siena | 2026-03-05 | 5.4 Medium |
| Cotonti Siena 0.9.19 contains a stored cross-site scripting vulnerability in the admin configuration panel's site title parameter. Attackers can inject malicious JavaScript code through the 'maintitle' parameter to execute scripts when administrators view the page. | ||||
| CVE-2021-47750 | 1 Youphptube | 1 Youphptube | 2026-03-05 | 6.1 Medium |
| YouPHPTube <= 7.8 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through the redirectUri parameter in the signup page. Attackers can craft special signup URLs with embedded script tags to execute arbitrary JavaScript in victims' browsers when they access the signup page. | ||||