|
1571
|
6.4 |
MEDIUM
Network
|
-
|
-
|
AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript payloads into the 'icon titl…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2021-47910
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1572
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScrip…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2021-47922
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1573
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID c…
Update
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2021-47923
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1574
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Ultimate Product Catalog 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit P…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2021-47924
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1575
|
6.4 |
MEDIUM
Network
|
-
|
-
|
CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file uplo…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2021-47925
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1576
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name f…
Update
|
CWE-79
Cross-site Scripting
|
CVE-2021-47926
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1577
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization …
Update
|
CWE-79
Cross-site Scripting
|
CVE-2021-47927
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1578
|
8.2 |
HIGH
Network
|
-
|
-
|
Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product_id paramete…
Update
|
CWE-89
SQL Injection
|
CVE-2021-47928
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1579
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler…
Update
|
CWE-862
Missing Authorization
|
CVE-2021-47932
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1580
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress MStore API 2.0.6 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the REST API endpoint. Attackers…
Update
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2021-47933
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
