CWE-707
Improper Neutralization
The product does not ensure or incorrectly ensures that structured messages or data are well-formed and that certain security properties are met before being read from an upstream component or sent to a downstream component.
251 vulnerabilities with CWE-707
CVE-2021-4269
LOW
simplerisk < 20220306-001 - Cross-Site Scripting via checkAndSetValidation Function
CVSS 3.5
CVE-2021-4267
LOW
tad_discuss < 2021-03-23 - Cross-Site Scripting via DiscussTitle Argument
CVSS 3.5
CVE-2021-4266
LOW
Hitachi Community Plugin Framework < 9.5.0.0-81 - Cross-Site Scripting via DependenciesPackage.java baseUrl Parameter
CVSS 3.5
CVE-2021-4265
LOW
siwapp-ror < 2021-10-19 - Cross-Site Scripting
CVSS 3.5
CVE-2021-4262
MEDIUM
laravel-jqgrid < 2017-10-09 - SQL Injection in EloquentRepositoryAbstract getRows Function
CVSS 5.5
CVE-2021-4261
MEDIUM
pacman-canvas <1.0.6 - SQL Injection
CVSS 6.3
CVE-2021-4257
LOW
ctrlo lenio < 2021-02-08 - Cross-Site Scripting via Task Handler
CVSS 3.5
CVE-2021-4256
LOW
ctrlo lenio < 2021-02-08 - Cross-Site Scripting via task.name/task.site.org.name
CVSS 3.5
CVE-2021-4255
LOW
ctrlo lenio < 2021-02-08 - Cross-Site Scripting via contractor.name Parameter
CVSS 3.5
CVE-2021-4254
LOW
ctrlo lenio < 2021-02-08 - Cross-Site Scripting via Notice Handler
CVSS 3.5
CVE-2021-4253
LOW
ctrlo lenio < 2021-02-09 - Cross-Site Scripting via site_id Argument
CVSS 3.5
CVE-2021-4252
LOW
WP-Ban < 2021-11-24 - Cross-Site Scripting via HTTP_USER_AGENT in ban-options.php
CVSS 3.5
CVE-2021-4251
LOW
andrewsauder as include.cdn.php - Cross-Site Scripting
CVSS 3.5
CVE-2021-4246
MEDIUM
roxlukas LMeve < 0.1.61 - SQL Injection via X-Forwarded-For Header
CVSS 6.3
CVE-2021-4244
LOW
yikes-inc-easy-mailchimp-extender <6.8.5 - XSS
CVSS 2.6
CVE-2021-4242
MEDIUM
Sapido BR270n BRC76n GR297 RB1732 - OS Command Injection via ip/syscmd.htm
CVSS 6.3
CVE-2021-27493
MEDIUM
Philips Vue PACS <12.2.x.x - Info Disclosure
CVSS 6.1
CVE-2020-36626
MEDIUM
Modern Tribe Panel Builder Plugin - SQL Injection
CVSS 5.5
CVE-2020-36621
LOW
whatismyudid < 2020-09-30 - Cross-Site Scripting in MobileConfig Enrollment Function
CVSS 3.5
CVE-2020-36609
LOW
DuxCMS 2.1 - Cross-Site Scripting in Article Handler
CVSS 2.4
CVE-2020-36608
LOW
Tribal Systems Zenario < 8.7 and < 8.5.51340 - Cross-Site Scripting in Error Log Module
CVSS 3.5
CVE-2020-11080
LOW
nghttp2 < 1.41.0 - Denial of Service via Large HTTP/2 SETTINGS Frame Payload
CVSS 3.7
CVE-2020-11030
MEDIUM
WordPress <5.4.1 - Authenticated RCE
CVSS 6.4
CVE-2020-11026
HIGH
WordPress <5.4.1 - Authenticated RCE
CVSS 8.7
CVE-2019-10052
HIGH
Suricata 4.1.3 - Denial of Service via DHCP Client ID Option Parsing
CVSS 7.5