|
51
|
8.2 |
HIGH
Network
|
-
|
-
|
Balbooa Joomla Forms Builder 2.0.6 contains an unauthenticated SQL injection vulnerability in the form submission handler that allows remote attackers to execute arbitrary SQL queries. Attackers can …
New
|
CWE-89
SQL Injection
|
CVE-2021-47930
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
52
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Filterable Portfolio Gallery 1.0 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious JavaScript by entering payloads in the title field. Attac…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47929
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
53
|
8.2 |
HIGH
Network
|
-
|
-
|
Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product_id paramete…
New
|
CWE-89
SQL Injection
|
CVE-2021-47928
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
54
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization …
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47927
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
55
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name f…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47926
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
56
|
6.4 |
MEDIUM
Network
|
-
|
-
|
CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file uplo…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47925
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
57
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Ultimate Product Catalog 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit P…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47924
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
58
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID c…
New
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2021-47923
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
59
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScrip…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47922
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
60
|
6.4 |
MEDIUM
Network
|
-
|
-
|
AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript payloads into the 'icon titl…
New
|
CWE-79
Cross-site Scripting
|
CVE-2021-47910
|
2026-05-10 22:16 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
