Total: 13741 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-12981 | 1 Wago | 8 762-3000, 762-3000 Firmware, 762-3001 and 5 more | 2021-05-20 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered on WAGO e!DISPLAY 762-3000 through 762-3003 devices with firmware before FW 02. The vulnerability can be exploited by authenticated and unauthenticated users by sending specially crafted requests to the web server, allowing code to be injected within the WBM. The code will be rendered and/or executed in the user's browser. | |||||
| CVE-2021-20994 | 1 Wago | 10 0852-0303, 0852-0303 Firmware, 0852-1305 and 7 more | 2021-05-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| In multiple managed switches by WAGO in different versions, an attacker may trick a legitimate user into clicking a link to inject possibly malicious code into the Web-Based Management. | |||||
| CVE-2021-20392 | 1 Ibm | 1 Qradar User Behavior Analytics | 2021-05-20 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM QRadar User Behavior Analytics 1.0.0 through 4.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2021-31537 | 1 Sisinformatik | 1 Sis-rewe Go | 2021-05-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters). | |||||
| CVE-2020-28722 | 1 Deskpro | 1 Deskpro | 2021-05-19 | 3.5 LOW | 5.4 MEDIUM |
| Deskpro Cloud Platform and on-premise 2020.2.3.48207 from 2020-07-30 contains a cross-site scripting (XSS) vulnerability that can lead to an account takeover via custom email templates. | |||||
| CVE-2016-8359 | 1 Moxa | 19 Iologik E1200 Series Firmware, Iologik E1210, Iologik E1211 and 16 more | 2021-05-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Moxa ioLogik E1210, firmware Version V2.4 and prior, ioLogik E1211, firmware Version V2.3 and prior, ioLogik E1212, firmware Version V2.4 and prior, ioLogik E1213, firmware Version V2.5 and prior, ioLogik E1214, firmware Version V2.4 and prior, ioLogik E1240, firmware Version V2.3 and prior, ioLogik E1241, firmware Version V2.4 and prior, ioLogik E1242, firmware Version V2.4 and prior, ioLogik E1260, firmware Version V2.4 and prior, ioLogik E1262, firmware Version V2.4 and prior, ioLogik E2210, firmware versions prior to V3.13, ioLogik E2212, firmware versions prior to V3.14, ioLogik E2214, firmware versions prior to V3.12, ioLogik E2240, firmware versions prior to V3.12, ioLogik E2242, firmware versions prior to V3.12, ioLogik E2260, firmware versions prior to V3.13, and ioLogik E2262, firmware versions prior to V3.12. The web application fails to sanitize user input, which may allow an attacker to inject script or execute arbitrary code (CROSS-SITE SCRIPTING). | |||||
| CVE-2020-18165 | 1 Laobancms | 1 Laobancms | 2021-05-18 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) in LAOBANCMS v2.0 allows remote attackers to execute arbitrary code by injecting commands into the "Website SEO Keywords" field on the page "admin/info.php?shuyu". | |||||
| CVE-2020-19274 | 1 Dhcms Project | 1 Dhcms | 2021-05-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in Dhcms 2017-09-18 in guestbook via the message board, which could let a remote malicious user execute arbitrary code. | |||||
| CVE-2020-18102 | 1 Hotels Server Project | 1 Hotels Server | 2021-05-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Hotels_Server v1.0 allows remote attackers to execute arbitrary code by injecting crafted commands into the data fields in the component "/controller/publishHotel.php". | |||||
| CVE-2021-30174 | 1 Ruiyanai | 1 Cloudiso | 2021-05-17 | 3.5 LOW | 5.4 MEDIUM |
| When a RiyaLab CloudISO event item is added, special characters in a specific field of the time management page are not properly filtered, which allows remote authenticated attackers to inject malicious JavaScript and carry out stored XSS (stored cross-site scripting) attacks. | |||||
| CVE-2021-27733 | 1 Jetbrains | 1 Youtrack | 2021-05-17 | 3.5 LOW | 5.4 MEDIUM |
| In JetBrains YouTrack before 2020.6.6441, stored XSS was possible via an issue attachment. | |||||
| CVE-2021-31903 | 1 Jetbrains | 1 Youtrack | 2021-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS. | |||||
| CVE-2021-20717 | 1 Ec-cube | 1 Ec-cube | 2021-05-17 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in EC-CUBE 4.0.0 to 4.0.5 allows a remote attacker to inject a specially crafted script in the specific input field of the EC web site which is created using EC-CUBE. As a result, it may lead to an arbitrary script execution on the administrator's web browser. | |||||
| CVE-2020-22428 | 1 Solarwinds | 2 Serv-u Ftp Server, Serv-u Mft Server | 2021-05-17 | 3.5 LOW | 4.8 MEDIUM |
| SolarWinds Serv-U before 15.1.6 Hotfix 3 is affected by Cross Site Scripting (XSS) via a directory name (entered by an admin) containing a JavaScript payload. | |||||
| CVE-2021-20559 | 1 Ibm | 1 Control Desk | 2021-05-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM Control Desk 7.6.1.2 and 7.6.1.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199228. | |||||
| CVE-2021-20577 | 1 Ibm | 1 Cloud Pak For Security | 2021-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Cloud Pak for Security (CP4S) 1.5.0.0 and 1.5.0.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199281. | |||||
| CVE-2021-21649 | 1 Jenkins | 1 Dashboard View | 2021-05-14 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | |||||
| CVE-2021-21648 | 1 Jenkins | 1 Credentials | 2021-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
| CVE-2021-31904 | 1 Jetbrains | 1 Teamcity | 2021-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page. | |||||
| CVE-2021-31911 | 1 Jetbrains | 1 Teamcity | 2021-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages. | |||||
| CVE-2021-32544 | 1 Igt+ Project | 1 Igt+ | 2021-05-14 | 3.5 LOW | 5.4 MEDIUM |
| Special characters of the IGT search function in igt+ are not filtered in specific fields, which allows remote authenticated attackers to inject malicious JavaScript and carry out DOM-based XSS (cross-site scripting) attacks. | |||||
| CVE-2021-1490 | 1 Cisco | 1 Web Security Appliance | 2021-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to retrieve a crafted file that contains malicious payload and upload it to the affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2021-30213 | 1 Eng | 1 Knowage | 2021-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter. | |||||
| CVE-2021-30212 | 1 Eng | 1 Knowage | 2021-05-14 | 3.5 LOW | 5.4 MEDIUM |
| Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter. | |||||
| CVE-2021-30211 | 1 Eng | 1 Knowage | 2021-05-14 | 3.5 LOW | 5.4 MEDIUM |
| Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter. | |||||
| CVE-2020-4535 | 1 Ibm | 1 Openpages Grc Platform | 2021-05-14 | 3.5 LOW | 5.4 MEDIUM |
| IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182906. | |||||
| CVE-2021-30172 | 1 Junhetec | 1 Omnidirectional Communication System | 2021-05-14 | 3.5 LOW | 5.4 MEDIUM |
| Special characters of the picture preview page in the Quan-Fang-Wei-Tong-Xun system are not filtered in users’ input, which allows remote authenticated attackers to inject malicious JavaScript and carry out reflected XSS (cross-site scripting) attacks, and additionally to access and manipulate customer’s information. | |||||
| CVE-2016-1180 | 2 Cyber-will, Ec-cube | 2 Social-button Premium, Ec-cube | 2021-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-button Premium plugin before 1.1 for EC-CUBE 2.13.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
| CVE-2021-1507 | 1 Cisco | 1 Sd-wan Vmanage | 2021-05-14 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the application web-based interface. This vulnerability exists because the API does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending malicious input to the API. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or access sensitive, browser-based information. | |||||
| CVE-2020-23370 | 1 Yzmcms | 1 Yzmcms | 2021-05-13 | 3.5 LOW | 5.4 MEDIUM |
| In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML. | |||||
| CVE-2020-23369 | 1 Yzmcms | 1 Yzmcms | 2021-05-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3. | |||||
| CVE-2020-23371 | 1 5none | 1 Nonecms | 2021-05-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter. | |||||
| CVE-2021-3315 | 1 Jetbrains | 1 Teamcity | 2021-05-13 | 3.5 LOW | 5.4 MEDIUM |
| In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible. | |||||
| CVE-2021-31908 | 1 Jetbrains | 1 Teamcity | 2021-05-13 | 3.5 LOW | 5.4 MEDIUM |
| In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages. | |||||
| CVE-2021-24250 | 1 Strategy11 | 1 Business Directory Plugin - Easy Listing Directories | 2021-05-13 | 3.5 LOW | 5.4 MEDIUM |
| The Business Directory Plugin – Easy Listing Directories for WordPress WordPress plugin before 5.11.2 suffered from lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin. | |||||
| CVE-2021-24214 | 1 Daggerhartlab | 1 Openid Connect Generic Client | 2021-05-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| The OpenID Connect Generic Client WordPress plugin 3.8.0 and 3.8.1 did not sanitise the login error when output back in the login form, leading to a reflected Cross-Site Scripting issue. This issue does not require authentication and can be exploited with the default configuration. | |||||
| CVE-2021-24243 | 1 Wpbakery Page Builder Clipboard Project | 1 Wpbakery Page Builder Clipboard | 2021-05-13 | 3.5 LOW | 5.4 MEDIUM |
| An AJAX action registered by the WPBakery Page Builder (Visual Composer) Clipboard WordPress plugin before 4.5.6 did not have capability checks nor sanitization, allowing low privilege users (subscriber+) to call it and set XSS payloads, which will be triggered in all backend pages. | |||||
| CVE-2021-24246 | 1 Purethemes | 2 Workscout, Workscout Core | 2021-05-13 | 3.5 LOW | 5.4 MEDIUM |
| The Workscout Core WordPress plugin before 1.3.4, used by the WorkScout Theme, did not sanitise the chat messages sent via the workscout_send_message_chat AJAX action, leading to Stored Cross-Site Scripting and Cross-Frame Scripting issues. | |||||
| CVE-2021-32092 | 1 Nsa | 1 Emissary | 2021-05-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the uuid parameter. | |||||
| CVE-2021-24293 | 1 Imagely | 1 Nextgen Gallery | 2021-05-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| In the eCommerce module of the NextGEN Gallery Pro WordPress plugin before 3.1.11, there is an action to call get_cart_items via photocrati_ajax; after that, the settings[shipping_address][name] is able to inject malicious JavaScript. | |||||
| CVE-2020-23373 | 1 5none | 1 Nonecms | 2021-05-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in admin/nav/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter. | |||||
| CVE-2020-23374 | 1 5none | 1 Nonecms | 2021-05-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in admin/article/add.html in noneCMS v1.3.0 allows remote authenticated attackers to inject arbitrary web script or HTML via the name parameter. | |||||
| CVE-2019-3485 | 1 Hp | 1 Arcsight Logger | 2021-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mitigates a stored cross site scripting issue in ArcSight Logger versions prior to 6.7.1 | |||||
| CVE-2019-3486 | 1 Hp | 1 Arcsight Management Center | 2021-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mitigates a stored cross site scripting issue in ArcSight Security Management Center versions prior to 2.9.1 | |||||
| CVE-2019-11649 | 1 Microfocus | 1 Fortify Software Security Center | 2021-05-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-Site Scripting vulnerability in Micro Focus Fortify Software Security Center Server, versions 17.2, 18.1, 18.2, has been identified in Micro Focus Software Security Center. The vulnerability could be exploited to execute JavaScript code in the user’s browser. | |||||
| CVE-2020-23263 | 1 Fork-cms | 1 Fork Cms | 2021-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Persistent Cross-site scripting vulnerability in Fork CMS version 5.8.2 allows remote attackers to inject arbitrary JavaScript code via the "navigation_title" parameter and the "title" parameter in /private/en/pages/add. | |||||
| CVE-2021-32470 | 1 Craftcms | 1 Craft Cms | 2021-05-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Craft CMS before 3.6.13 has an XSS vulnerability. | |||||
| CVE-2019-11825 | 1 Synology | 1 Calendar | 2021-05-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Event Editor in Synology Calendar before 2.3.0-0615 allows remote attackers to inject arbitrary web script or HTML via the title parameter. | |||||
| CVE-2021-26123 | 1 Livinglogic | 1 Xist4c | 2021-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wihtm, or login-form.htm. | |||||
| CVE-2021-26122 | 1 Livinglogic | 1 Xist4c | 2021-05-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedback.wihtm. | |||||
