CVE-2021-47885 - Payment Terminal Multiple Versions Non-Persistent Cross-Site Scripting
CVE ID : CVE-2021-47885
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 19 minutes ago
Description : Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and potentially execute session hijacking or phishing attacks.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47885
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 19 minutes ago
Description : Multiple payment terminal versions contain non-persistent cross-site scripting vulnerabilities in billing and payment information input fields. Attackers can inject malicious script code through vulnerable parameters to manipulate client-side requests and potentially execute session hijacking or phishing attacks.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47908 - Ultimate POS 4.4 Persistent Cross-Site Scripting via Product Name
CVE ID : CVE-2021-47908
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 19 minutes ago
Description : Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability through product add or edit functions to execute arbitrary JavaScript and potentially hijack user sessions.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47908
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 19 minutes ago
Description : Ultimate POS 4.4 contains a persistent cross-site scripting vulnerability in the product name parameter that allows remote attackers to inject malicious scripts. Attackers can exploit the vulnerability through product add or edit functions to execute arbitrary JavaScript and potentially hijack user sessions.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47909 - Mult-E-Cart Ultimate 2.4 SQL Injection via Vulnerable ID Parameters
CVE ID : CVE-2021-47909
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 19 minutes ago
Description : Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47909
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 19 minutes ago
Description : Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the 'id' parameter to execute malicious SQL commands and compromise the database management system.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47911 - Affiliate Pro 1.7 Reflected Cross-Site Scripting via Index Module
CVE ID : CVE-2021-47911
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 19 minutes ago
Description : Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47911
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 19 minutes ago
Description : Affiliate Pro 1.7 contains multiple reflected cross-site scripting vulnerabilities in the index module's input fields. Attackers can inject malicious scripts through fullname, username, and email parameters to execute client-side attacks and manipulate browser requests.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47912 - PHP Melody 3.0 Non-Persistent Cross-Site Scripting via Multiple Parameters
CVE ID : CVE-2021-47912
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 19 minutes ago
Description : PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47912
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 19 minutes ago
Description : PHP Melody version 3.0 contains multiple non-persistent cross-site scripting vulnerabilities in categories, import, and user import files. Attackers can inject malicious scripts through unvalidated parameters to execute client-side attacks and potentially hijack user sessions.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47913 - PHP Melody 3.0 Persistent Cross-Site Scripting via Video Editor
CVE ID : CVE-2021-47913
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 19 minutes ago
Description : PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47913
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 19 minutes ago
Description : PHP Melody 3.0 contains a persistent cross-site scripting vulnerability in the video editor that allows privileged users to inject malicious scripts. Attackers can exploit the WYSIWYG editor to execute persistent scripts, potentially leading to session hijacking and application manipulation.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47914 - PHP Melody 3.0 Persistent XSS Vulnerability via Edit Video Parameter
CVE ID : CVE-2021-47914
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 19 minutes ago
Description : PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, persistent phishing, and manipulation of application modules.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47914
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 19 minutes ago
Description : PHP Melody version 3.0 contains a persistent cross-site scripting vulnerability in the edit-video.php submitted parameter that allows remote attackers to inject malicious script code. Attackers can exploit this vulnerability to execute arbitrary JavaScript, potentially leading to session hijacking, persistent phishing, and manipulation of application modules.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47915 - PHP Melody 3.0 SQL Injection Vulnerability via Edit Video Parameter
CVE ID : CVE-2021-47915
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 19 minutes ago
Description : PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47915
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 19 minutes ago
Description : PHP Melody version 3.0 contains a remote SQL injection vulnerability in the video edit module that allows authenticated attackers to inject malicious SQL commands. Attackers can exploit the unvalidated 'vid' parameter to execute arbitrary database queries and potentially compromise the web application and database management system.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47916 - Simple CMS 2.1 SQL Injection Vulnerability via Users Module
CVE ID : CVE-2021-47916
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47916
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47917 - Simple CMS 2.1 Persistent Cross-Site Scripting via User Input Parameters
CVE ID : CVE-2021-47917
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to session hijacking and application manipulation.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47917
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Simple CMS 2.1 contains a persistent cross-site scripting vulnerability in user input parameters that allows remote attackers to inject malicious script code. Attackers can exploit the newUser and editUser modules to inject persistent scripts that execute on user list preview, potentially leading to session hijacking and application manipulation.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47918 - Simple CMS 2.1 SQL Injection Vulnerability via Users Module
CVE ID : CVE-2021-47918
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47918
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Simple CMS 2.1 contains a remote SQL injection vulnerability that allows privileged attackers to inject unfiltered SQL commands in the users module. Attackers can exploit unvalidated input parameters in the admin.php file to compromise the database management system and web application.
Severity: 8.6 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47919 - Simple CMS 2.1 Non-Persistent Cross-Site Scripting via Preview Parameter
CVE ID : CVE-2021-47919
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47919
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Simple CMS 2.1 contains a non-persistent cross-site scripting vulnerability in the preview.php file's id parameter. Attackers can inject malicious script code through a GET request to execute arbitrary scripts and potentially hijack user sessions or perform phishing attacks.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47920 - WebMO Job Manager 20.0 Cross-Site Scripting via Search Parameters
CVE ID : CVE-2021-47920
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external redirects.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47920
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : WebMO Job Manager 20.0 contains a cross-site scripting vulnerability in search parameters that allows remote attackers to inject malicious script code. Attackers can exploit the filterSearch and filterSearchType parameters to perform non-persistent attacks including session hijacking and external redirects.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2021-47921 - Free Photo & Video Vault 0.0.2 Directory Traversal Vulnerability via Web Request
CVE ID : CVE-2021-47921
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access unauthorized system paths.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2021-47921
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Free Photo & Video Vault 0.0.2 contains a directory traversal web vulnerability that allows remote attackers to manipulate application path requests and access sensitive system files. Attackers can exploit the vulnerability without privileges to retrieve environment variables and access unauthorized system paths.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50797 - Stripe Green Downloads Wordpress Plugin 2.03 Persistent XSS via Settings
CVE ID : CVE-2022-50797
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and application module manipulation.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-50797
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Stripe Green Downloads Wordpress Plugin 2.03 contains a persistent cross-site scripting vulnerability allowing remote attackers to inject malicious scripts in button label fields. Attackers can exploit input parameters to execute arbitrary scripts, potentially leading to session hijacking and application module manipulation.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50940 - Knap Advanced PHP Login 3.1.3 Persistent Cross-Site Scripting via Name Parameter
CVE ID : CVE-2022-50940
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially leading to session hijacking and persistent phishing attacks.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-50940
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Knap Advanced PHP Login 3.1.3 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script code in the name parameter. Attackers can exploit the vulnerability to execute arbitrary scripts in users and activity log backend modules, potentially leading to session hijacking and persistent phishing attacks.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50941 - BootCommerce 3.2.1 Persistent Cross-Site Scripting via Order Checkout
CVE ID : CVE-2022-50941
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking, phishing attacks, and application module manipulation.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-50941
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : BootCommerce 3.2.1 contains persistent input validation vulnerabilities that allow remote attackers to inject malicious script code through guest order checkout input fields. Attackers can exploit unvalidated input parameters to execute arbitrary scripts, potentially leading to session hijacking, phishing attacks, and application module manipulation.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50942 - Inciga Web 2.8.2 Client-Side Cross-Site Scripting via EventListener
CVE ID : CVE-2022-50942
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Inciga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacking and non-persistent phishing attacks.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-50942
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Inciga Web 2.8.2 contains a client-side cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through the icinga.min.js file. Attackers can exploit the EventListener.handleEvent method to execute arbitrary scripts, potentially leading to session hijacking and non-persistent phishing attacks.
Severity: 5.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50950 - Webile 1.0.1 Directory Traversal Vulnerability via Web Application
CVE ID : CVE-2022-50950
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-50950
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Webile 1.0.1 contains a directory traversal vulnerability that allows remote attackers to manipulate file system paths without authentication. Attackers can exploit path manipulation to access sensitive system directories and potentially compromise the mobile device's local file system.
Severity: 7.1 | HIGH
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50951 - WiFi File Transfer 1.0.8 Persistent XSS via Web Server Input Validation
CVE ID : CVE-2022-50951
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infected file paths, potentially compromising user browser sessions.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-50951
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : WiFi File Transfer 1.0.8 contains a persistent cross-site scripting vulnerability that allows remote attackers to inject malicious script codes through file and folder names. Attackers can exploit the web server's input validation weakness to execute arbitrary JavaScript when users preview infected file paths, potentially compromising user browser sessions.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE-2022-50952 - Banco Guayaquil 8.0.0 Mobile iOS Cross-Site Scripting via Profile Name Input
CVE ID : CVE-2022-50952
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...
CVE ID : CVE-2022-50952
Published : Feb. 1, 2026, 1:15 p.m. | 1 hour, 18 minutes ago
Description : Banco Guayaquil 8.0.0 mobile iOS application contains a persistent cross-site scripting vulnerability in the TextBox Name Profile input. Attackers can inject malicious script code through a POST request that executes on application review without user interaction.
Severity: 6.4 | MEDIUM
Visit the link for more details, such as CVSS details, affected products, timeline, and more...