Total: 13741 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-35415 | 1 Chamilo | 1 Chamilo Lms | 2021-12-06 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields. | |||||
| CVE-2021-43991 | 1 Kentico | 1 Xperience | 2021-12-06 | 3.5 LOW | 5.4 MEDIUM |
| The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. | |||||
| CVE-2015-20106 | 1 Cbads | 1 Clickbank Affiliate Ads | 2021-12-04 | 3.5 LOW | 4.8 MEDIUM |
| The ClickBank Affiliate Ads WordPress plugin through 1.20 does not escape its settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed. | |||||
| CVE-2020-13947 | 2 Apache, Oracle | 3 Activemq, Communications Session Report Manager, Communications Session Route Manager | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| An instance of a cross-site scripting vulnerability was identified to be present in the web based administration console on the message.jsp page of Apache ActiveMQ versions 5.15.12 through 5.16.0. | |||||
| CVE-2021-40577 | 1 Online Enrollment Management System Project | 1 Online Enrollment Management System | 2021-12-03 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter. | |||||
| CVE-2021-24247 | 1 Mooveagency | 1 Contact Form Check Tester | 2021-12-03 | 3.5 LOW | 5.4 MEDIUM |
| The Contact Form Check Tester WordPress plugin through 1.0.2 settings are visible to all registered users in the dashboard and are lacking any sanitisation. As a result, any registered user, such as subscriber, can leave an XSS payload in the plugin settings, which will be triggered by any user visiting them, and could allow for privilege escalation. The vendor decided to close the plugin. | |||||
| CVE-2021-25785 | 1 Taogogo | 1 Taocms | 2021-12-03 | 3.5 LOW | 4.8 MEDIUM |
| Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. | |||||
| CVE-2021-24169 | 1 Algolplus | 1 Advanced Order Export | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| This Advanced Order Export For WooCommerce WordPress plugin before 3.1.8 helps you to easily export WooCommerce order data. The tab parameter in the Admin Panel is vulnerable to reflected XSS. | |||||
| CVE-2021-27520 | 1 Fudforum | 1 Fudforum | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter. | |||||
| CVE-2021-27519 | 1 Fudforum | 1 Fudforum | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter. | |||||
| CVE-2021-28420 | 1 Seopanel | 1 Seo Panel | 2021-12-03 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter. | |||||
| CVE-2021-28418 | 1 Seopanel | 1 Seo Panel | 2021-12-03 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter. | |||||
| CVE-2021-28417 | 1 Seopanel | 1 Seo Panel | 2021-12-03 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter. | |||||
| CVE-2021-3150 | 1 Cryptshare | 1 Cryptshare Server | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. The issue is fixed in version 4.8.1. | |||||
| CVE-2021-21079 | 1 Adobe | 1 Connect | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2021-21080 | 1 Adobe | 1 Connect | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. An attacker could exploit this vulnerability to inject malicious JavaScript content that may be executed within the context of the victim's browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2020-35037 | 1 Wp-events-plugin | 1 Events Manager | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Events Manager WordPress plugin before 5.9.8 does not sanitise and escape some search parameters before outputting them in pages, which could lead to Cross-Site Scripting issues. | |||||
| CVE-2021-44279 | 1 Librenms | 1 Librenms | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php. | |||||
| CVE-2021-43686 | 1 Nzedb Project | 1 Nzedb | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET['t']. | |||||
| CVE-2021-44277 | 1 Librenms | 1 Librenms | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php. | |||||
| CVE-2021-43683 | 1 Haschek | 1 Pictshare | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST['hash']. | |||||
| CVE-2021-43681 | 1 Zerodream | 1 Sakurapanel | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit function will terminate the script and print the message $data['proxy_name']. | |||||
| CVE-2021-23260 | 1 Craftercms | 1 Crafter Cms | 2021-12-03 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site. | |||||
| CVE-2021-42112 | 1 Limesurvey | 1 Limesurvey | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. | |||||
| CVE-2020-27193 | 2 Ckeditor, Oracle | 9 Ckeditor, Agile Plm, Application Express and 6 more | 2021-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs. | |||||
| CVE-2021-36919 | 1 Getawesomesupport | 1 Awesome Support | 2021-12-02 | 3.5 LOW | 5.4 MEDIUM |
| Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). | |||||
| CVE-2021-3983 | 1 Kimai2 Project | 1 Kimai2 | 2021-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). | |||||
| CVE-2021-25967 | 1 Okfn | 1 Ckan | 2021-12-02 | 3.5 LOW | 5.4 MEDIUM |
| In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victim’s browser when they open the malicious profile picture. | |||||
| CVE-2021-43690 | 1 Yurunproxy Project | 1 Yurunproxy | 2021-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The exit function will terminate the script and print a message which has values from the socket_read. | |||||
| CVE-2021-20847 | 1 Nttdocomo | 2 Wi-fi Station Sh-52a, Wi-fi Station Sh-52a Firmware | 2021-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device. | |||||
| CVE-2021-20855 | 1 Elecom | 4 Wrh-733gbk, Wrh-733gbk Firmware, Wrh-733gwh and 1 more | 2021-12-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-4018 | 1 Snipeitapp | 1 Snipe-it | 2021-12-02 | 3.5 LOW | 5.4 MEDIUM |
| snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). | |||||
| CVE-2021-20857 | 1 Elecom | 2 Wrc-2533ghbk-i, Wrc-2533ghbk-i Firmware | 2021-12-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-20856 | 1 Elecom | 4 Wrh-733gbk, Wrh-733gbk Firmware, Wrh-733gwh and 1 more | 2021-12-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-29849 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2021-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205281. | |||||
| CVE-2021-43689 | 1 Manage Project | 1 Manage | 2021-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| manage (last update Oct 24, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script and print a message which has values from $_POST. | |||||
| CVE-2021-31721 | 1 Chevereto | 1 Chevereto | 2021-12-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage. | |||||
| CVE-2020-4354 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2021-12-01 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 178506. | |||||
| CVE-2019-4653 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2021-12-01 | 3.5 LOW | 5.4 MEDIUM |
| IBM Cognos Analytics 11.0 and 11.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 170964. | |||||
| CVE-2021-42365 | 1 Asgaros | 1 Asgaros Forum | 2021-12-01 | 2.1 LOW | 4.8 MEDIUM |
| The Asgaros Forums WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient escaping via the name parameter found in the ~/admin/tables/admin-structure-table.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.15.13. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | |||||
| CVE-2021-43695 | 1 Issabel | 1 Pbx | 2021-12-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, resulting in an XSS vulnerability. | |||||
| CVE-2021-43698 | 1 Phpwhois Project | 1 Phpwhois | 2021-12-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET['query'], resulting in an XSS vulnerability. | |||||
| CVE-2021-41878 | 1 Hkurl | 1 I-panel Administration System | 2021-12-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console and it is possible to insert a vulnerable malicious button. | |||||
| CVE-2021-20858 | 1 Elecom | 2 Wrc-2533ghbk-i, Wrc-2533ghbk-i Firmware | 2021-12-01 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-24719 | 1 Kriesi | 1 Enfold | 2021-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present in Enfold versions earlier than 4.8.4 that use Avia Page Builder. | |||||
| CVE-2020-26135 | 1 Livehelperchat | 1 Live Helper Chat | 2021-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Live Helper Chat before 3.44v allows reflected XSS via the setsettingajax PATH_INFO. | |||||
| CVE-2020-11082 | 2 Debian, Kaminari Project | 2 Debian Linux, Kaminari | 2021-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Kaminari before 1.2.1, there is a vulnerability that would allow an attacker to inject arbitrary code into pages with pagination links. This has been fixed in 1.2.1. | |||||
| CVE-2021-24722 | 1 Motopress | 1 Restaurant Menu | 2021-11-30 | 3.5 LOW | 4.8 MEDIUM |
| The Restaurant Menu by MotoPress WordPress plugin before 2.4.2 does not properly sanitize or escape inputs when creating new menu items, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. | |||||
| CVE-2021-35323 | 1 Bludit | 1 Bludit | 2021-11-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login. | |||||
| CVE-2021-20280 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2021-11-30 | 3.5 LOW | 5.4 MEDIUM |
| Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17. | |||||
