Total: 13741 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9576 | 1 Adenion | 1 Blog2social | 2021-02-24 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Blog2Social plugin before 5.0.3 for WordPress allows wp-admin/admin.php?page=blog2social-ship XSS. | |||||
| CVE-2020-35592 | 1 Pi-hole | 1 Pi-hole | 2021-02-24 | 3.5 LOW | 5.4 MEDIUM |
| Pi-hole 5.0, 5.1, and 5.1.1 allows XSS via the Options header to the admin/ URI. A remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against other users and steal the session cookie. | |||||
| CVE-2021-3271 | 1 Pressbooks | 1 Pressbooks | 2021-02-24 | 3.5 LOW | 4.8 MEDIUM |
| PressBooks 5.17.3 contains a cross-site scripting (XSS) vulnerability. Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will trigger the stored XSS. | |||||
| CVE-2021-27368 | 1 Monicahq | 1 Monica | 2021-02-23 | 3.5 LOW | 5.4 MEDIUM |
| The Contact page in Monica 2.19.1 allows stored XSS via the First Name field. | |||||
| CVE-2021-27559 | 1 Monicahq | 1 Monica | 2021-02-23 | 3.5 LOW | 5.4 MEDIUM |
| The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field. | |||||
| CVE-2021-27371 | 1 Monicahq | 1 Monica | 2021-02-23 | 3.5 LOW | 5.4 MEDIUM |
| The Contact page in Monica 2.19.1 allows stored XSS via the Description field. | |||||
| CVE-2021-27369 | 1 Monicahq | 1 Monica | 2021-02-23 | 3.5 LOW | 5.4 MEDIUM |
| The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field. | |||||
| CVE-2017-15188 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 3.5 LOW | 4.8 MEDIUM |
| A persistent (stored) XSS vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the hosts array parameter to module/admin_device/index.php. | |||||
| CVE-2017-14753 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the filter parameter to module/module_filters/index.php. | |||||
| CVE-2017-14983 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated administrators to inject arbitrary web script or HTML via the object parameter to module/admin_conf/index.php. | |||||
| CVE-2017-14984 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the bp_name parameter to /module/admin_bp/add_services.php. | |||||
| CVE-2017-14985 | 1 Eyesofnetwork | 1 Eyesofnetwork | 2021-02-23 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the EyesOfNetwork web interface (aka eonweb) 5.1-0 allows remote authenticated users to inject arbitrary web script or HTML via the url parameter to module/module_frame/index.php. | |||||
| CVE-2020-4933 | 3 Ibm, Linux, Microsoft | 3 Jazz Reporting Service, Linux Kernel, Windows | 2021-02-22 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz Reporting Service 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191751. | |||||
| CVE-2021-20444 | 3 Ibm, Linux, Microsoft | 3 Maximo For Civil Infrastructure, Linux Kernel, Windows | 2021-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196620. | |||||
| CVE-2020-2502 | 1 Qnap | 1 Photo Station | 2021-02-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| This cross-site scripting vulnerability in Photo Station allows remote attackers to inject malicious code. QNAP has already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.11 and later. | |||||
| CVE-2018-1000887 | 1 Peel | 1 Peel Shopping | 2021-02-22 | 3.5 LOW | 4.8 MEDIUM |
| Peel shopping peel-shopping_9_1_0 version contains a Cross Site Scripting (XSS) vulnerability that can result in an authenticated user injecting JavaScript code in the "Site Name EN" parameter. This attack appears to be exploitable if the malicious user has access to the administration account. | |||||
| CVE-2020-35753 | 3 Linux, Microsoft, Persis | 3 Linux Kernel, Windows, Human Resource Management Portal | 2021-02-22 | 2.6 LOW | 6.1 MEDIUM |
| The job posting recommendation form in Persis Human Resource Management Portal (Versions 17.2.00 through 17.2.35 and 19.0.00 through 19.0.20), when the "Recommend job posting" function is enabled, allows XSS via the SENDER parameter. | |||||
| CVE-2020-29025 | 1 Secomea | 1 Sitemanager Embedded | 2021-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the SiteManager-Embedded (SM-E) Web server may allow an attacker to construct a URL that, if visited by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application. This issue affects all versions and variants of SM-E prior to version 9.3. | |||||
| CVE-2020-35563 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2021-02-19 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is an incomplete XSS filter allowing an attacker to inject crafted malicious code into the page. | |||||
| CVE-2020-35569 | 1 Mbconnectline | 2 Mbconnect24, Mymbconnect24 | 2021-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MB CONNECT LINE mymbCONNECT24 and mbCONNECT24 through 2.6.2. There is a self XSS issue with a crafted cookie in the login page. | |||||
| CVE-2021-20446 | 3 Ibm, Linux, Microsoft | 3 Maximo For Civil Infrastructure, Linux Kernel, Windows | 2021-02-19 | 3.5 LOW | 5.4 MEDIUM |
| IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196622. | |||||
| CVE-2021-22979 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| On BIG-IP version 16.0.x before 16.0.1, 15.1.x before 15.1.1, 14.1.x before 14.1.2.8, 13.1.x before 13.1.3.5, and all 12.1.x versions, a reflected Cross-Site Scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility when Fraud Protection Service is provisioned and allows an attacker to execute JavaScript in the context of the current logged-in user. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-26925 | 2 Fedoraproject, Roundcube | 2 Fedora, Roundcube | 2021-02-19 | 3.5 LOW | 5.4 MEDIUM |
| Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. | |||||
| CVE-2020-36236 | 1 Atlassian | 2 Jira, Jira Software Data Center | 2021-02-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the ViewWorkflowSchemes.jspa and ListWorkflows.jspa endpoints. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | |||||
| CVE-2020-14210 | 1 Monitorapp | 2 Application Insight Web Application, Web Application Firewall | 2021-02-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-Site Scripting (XSS) vulnerability in MONITORAPP WAF in which script can be executed when responding to Request URL information. It provides a function to respond to Request URL information when blocking. | |||||
| CVE-2021-22983 | 1 F5 | 1 Big-ip Advanced Firewall Manager | 2021-02-18 | 3.5 LOW | 5.4 MEDIUM |
| On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2020-29027 | 1 Secomea | 18 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 15 more | 2021-02-18 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in GUI of Secomea SiteManager could allow an attacker to cause an XSS Attack. This issue affects: Secomea SiteManager all versions prior to 9.3. | |||||
| CVE-2020-36234 | 1 Atlassian | 2 Data Center, Jira | 2021-02-18 | 3.5 LOW | 4.8 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Screens Modal view. The affected versions are before version 8.5.11, from version 8.6.0 before 8.13.3, and from version 8.14.0 before 8.15.0. | |||||
| CVE-2021-27237 | 1 Blackcat-cms | 1 Blackcat Cms | 2021-02-17 | 3.5 LOW | 4.8 MEDIUM |
| The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php. | |||||
| CVE-2021-3294 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2021-02-17 | 3.5 LOW | 5.4 MEDIUM |
| CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. An attacker can steal a cookie to perform user redirection to a malicious website. | |||||
| CVE-2020-22841 | 1 B2evolution | 1 B2evolution | 2021-02-17 | 3.5 LOW | 4.8 MEDIUM |
| Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module. | |||||
| CVE-2020-8031 | 1 Opensuse | 1 Open Build Service | 2021-02-17 | 3.5 LOW | 5.4 MEDIUM |
| An Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Open Build Service allows remote attackers to store JS code in markdown that is not properly escaped, impacting confidentiality and integrity. This issue affects: Open Build Service versions prior to 2.10.8. | |||||
| CVE-2021-20654 | 1 Wekan Project | 1 Wekan | 2021-02-16 | 3.5 LOW | 5.4 MEDIUM |
| Wekan, an open source kanban board system, between version 3.12 and 4.11, is vulnerable to multiple stored cross-site scripting issues. This is named 'Fieldbleed' on the vendor's site. | |||||
| CVE-2021-26549 | 1 Smartfoxserver | 1 Smartfoxserver | 2021-02-16 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site. | |||||
| CVE-2021-21023 | 1 Magento | 1 Magento | 2021-02-16 | 3.5 LOW | 4.8 MEDIUM |
| Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to a stored cross-site scripting vulnerability in the admin console. Successful exploitation could lead to arbitrary JavaScript execution in the victim's browser. Access to the admin console is required for successful exploitation. | |||||
| CVE-2021-20645 | 1 Elecom | 2 Wrc-300febk-a, Wrc-300febk-a Firmware | 2021-02-15 | 4.3 MEDIUM | 5.4 MEDIUM |
| Cross-site scripting vulnerability in ELECOM WRC-300FEBK-A allows remote authenticated attackers to inject arbitrary script via unspecified vectors. | |||||
| CVE-2018-8006 | 1 Apache | 1 Activemq | 2021-02-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the queue.jsp page of Apache ActiveMQ versions 5.0.0 to 5.15.5. The root cause of this issue is improper data filtering of the QueueFilter parameter. | |||||
| CVE-2020-24842 | 1 Sdgc | 1 Pnpscada | 2021-02-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| PNPSCADA 2.200816204020 allows cross-site scripting (XSS), which can execute arbitrary JavaScript in the victim's browser. | |||||
| CVE-2021-23327 | 1 Fusioncharts | 1 Apexcharts | 2021-02-13 | 4.3 MEDIUM | 6.3 MEDIUM |
| The package apexcharts before 3.24.0 is vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields. | |||||
| CVE-2020-22839 | 1 B2evolution | 1 B2evolution Cms | 2021-02-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary web script or HTML code via the tab3 parameter. | |||||
| CVE-2020-4768 | 1 Ibm | 2 Business Automation Workflow, Case Manager | 2021-02-12 | 3.5 LOW | 5.4 MEDIUM |
| IBM Case Manager 5.2 and 5.3 and IBM Business Automation Workflow 18.0, 19.0, and 20.0 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188907. | |||||
| CVE-2020-29171 | 1 Tipsandtricks-hq | 1 Wp Security & Firewall | 2021-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in admin/wp-security-blacklist-menu.php in the Tips and Tricks HQ All In One WP Security & Firewall (all-in-one-wp-security-and-firewall) plugin before 4.4.6 for WordPress. | |||||
| CVE-2020-35572 | 1 Adminer | 1 Adminer | 2021-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adminer through 4.7.8 allows XSS via the history parameter to the default URI. | |||||
| CVE-2021-26916 | 1 Nopcommerce | 1 Nopcommerce | 2021-02-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter. | |||||
| CVE-2020-29021 | 1 Secomea | 8 Gatemanager 4250, Gatemanager 4250 Firmware, Gatemanager 4260 and 5 more | 2021-02-11 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in a web UI input field of GateManager allows an authenticated attacker to enter script tags that could cause XSS. This issue affects: GateManager all versions prior to 9.3. | |||||
| CVE-2021-3258 | 1 Qa-themes | 1 Q2a Ultimate Seo | 2021-02-10 | 3.5 LOW | 5.4 MEDIUM |
| Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution. | |||||
| CVE-2020-13248 | 1 Boolebox | 1 Boolebox | 2021-02-10 | 3.5 LOW | 5.4 MEDIUM |
| BooleBox Secure File Sharing Utility before 4.2.3.0 allows stored XSS via a crafted avatar field within My Account JSON data to Account.aspx. | |||||
| CVE-2021-22122 | 1 Fortinet | 1 Fortiweb | 2021-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and versions before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting a malicious payload in different vulnerable API end-points. | |||||
| CVE-2018-13065 | 1 Trustwave | 1 Modsecurity | 2021-02-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** ModSecurity 3.0.0 has XSS via an onerror attribute of an IMG element. NOTE: a third party has disputed this issue because it may only apply to environments without a Core Rule Set configured. | |||||
| CVE-2021-21434 | 1 Otrs | 1 Survey | 2021-02-09 | 3.5 LOW | 4.8 MEDIUM |
| A survey administrator can craft a survey in such a way that malicious code can be executed in the agent interface (i.e. by another agent who wants to make changes in the survey). This issue affects: OTRS AG Survey 6.0.x version 6.0.20 and prior versions; 7.0.x version 7.0.19 and prior versions. | |||||
