|
4481
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Rocket LMS 1.1 contains a persistent cross-site scripting vulnerability in the support ticket module that allows authenticated users to inject malicious script code through the title parameter. Attac…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47907
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4482
|
6.4 |
MEDIUM
Network
|
-
|
-
|
AccessPress Social Icons 1.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by entering JavaScript payloads into the 'icon titl…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47910
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4483
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Slider by Soliloquy 2.6.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the title parameter. Attackers can add JavaScrip…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47922
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4484
|
9.8 |
CRITICAL
Network
|
-
|
-
|
OpenCart 3.0.3.8 contains a session fixation vulnerability that allows attackers to hijack user sessions by injecting arbitrary values into the OCSESSID cookie. Attackers can set malicious OCSESSID c…
|
CWE-290
Authentication Bypass by Spoofing
|
CVE-2021-47923
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4485
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Ultimate Product Catalog 5.8.2 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts through the price parameter. Attackers can submit P…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47924
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4486
|
6.4 |
MEDIUM
Network
|
-
|
-
|
CMDBuild 3.3.2 contains multiple stored cross-site scripting vulnerabilities that allow authenticated attackers to inject arbitrary web script or HTML via crafted input in card creation and file uplo…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47925
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4487
|
6.4 |
MEDIUM
Network
|
-
|
-
|
Contact Form to Email 1.3.24 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by creating forms with script tags in the form name f…
|
CWE-79
Cross-site Scripting
|
CVE-2021-47926
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4488
|
6.4 |
MEDIUM
Network
|
-
|
-
|
WordPress Plugin WP Symposium Pro 2021.10 contains a stored cross-site scripting vulnerability that allows authenticated attackers to inject malicious scripts by exploiting insufficient sanitization …
|
CWE-79
Cross-site Scripting
|
CVE-2021-47927
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4489
|
8.2 |
HIGH
Network
|
-
|
-
|
Opencart TMD Vendor System 3.x contains a blind SQL injection vulnerability that allows unauthenticated attackers to extract database information by injecting SQL code through the product_id paramete…
|
CWE-89
SQL Injection
|
CVE-2021-47928
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
4490
|
9.8 |
CRITICAL
Network
|
-
|
-
|
WordPress TheCartPress 1.5.3.6 contains an unauthenticated privilege escalation vulnerability that allows attackers to create administrator accounts by submitting crafted requests to the AJAX handler…
|
CWE-862
Missing Authorization
|
CVE-2021-47932
|
2026-05-12 23:24 |
2026-05-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
