Search Results (Refine Search)

Search Parameters:
There are 153,327 matching records.
Displaying matches 241 through 260.
Vuln ID Summary CVSS Severity
CVE-2021-31411

Insecure temporary directory usage in frontend build functionality of com.vaadin:flow-server versions 2.0.9 through 2.5.2 (Vaadin 14.0.3 through Vaadin 14.5.2), 3.0 prior to 6.0 (Vaadin 15 prior to 19), and 6.0.0 through 6.0.5 (Vaadin 19.0.0 through 19.0.4) allows local users to inject malicious code into frontend resources during application rebuilds.

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-29101

ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal vulnerability that could allow an unauthenticated, remote attacker to perform directory traversal attacks and read arbitrary files on the system.

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24293

In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax , after that the settings[shipping_address][name] is able to inject malicious javascript.

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24276

The Contact Form by Supsystic WordPress plugin before 1.7.15 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24275

The Popup by Supsystic WordPress plugin before 1.10.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24274

The Ultimate Maps by Supsystic WordPress plugin before 1.2.5 did not sanitise the tab parameter of its options page before outputting it in an attribute, leading to a reflected Cross-Site Scripting issue

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24273

The “Clever Addons for Elementor” WordPress Plugin before 2.1.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24272

The fitness calculators WordPress plugin before 1.9.6 add calculators for Water intake, BMI calculator, protein Intake, and Body Fat and was lacking CSRF check, allowing attackers to make logged in users perform unwanted actions, such as change the calculator headers. Due to the lack of sanitisation, this could also lead to a Stored Cross-Site Scripting issue

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24271

The “Ultimate Addons for Elementor” WordPress Plugin before 1.30.0 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24270

The “DeTheme Kit for Elementor” WordPress Plugin before 1.5.5.5 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24269

The “Sina Extension for Elementor” WordPress Plugin before 3.3.12 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24268

The “JetWidgets For Elementor” WordPress Plugin before 1.0.9 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

Published: May 05, 2021; 3:15:08 PM -0400
V3.1: 5.4 MEDIUM
V2.0: 3.5 LOW
CVE-2021-24267

The “All-in-One Addons for Elementor – WidgetKit” WordPress Plugin before 2.3.10 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24266

The “The Plus Addons for Elementor Page Builder Lite” WordPress Plugin before 2.0.6 has four widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24265

The “Rife Elementor Extensions & Templates” WordPress Plugin before 1.1.6 has a widget that is vulnerable to stored Cross-Site Scripting(XSS) by lower-privileged users such as contributors, all via a similar method.

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24264

The “Image Hover Effects – Elementor Addon” WordPress Plugin before 1.3.4 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24263

The “Elementor Addons – PowerPack Addons for Elementor” WordPress Plugin before 2.3.2 for WordPress has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24262

The “WooLentor – WooCommerce Elementor Addons + Builder” WordPress Plugin before 1.8.6 has a widget that is vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24261

The “HT Mega – Absolute Addons for Elementor Page Builder” WordPress Plugin before 1.5.7 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-24260

The “Livemesh Addons for Elementor” WordPress Plugin before 6.8 has several widgets that are vulnerable to stored Cross-Site Scripting (XSS) by lower-privileged users such as contributors, all via a similar method.

Published: May 05, 2021; 3:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)