Total: 13741 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3159 | 1 Landray | 1 Landray Ekp | 2021-08-02 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file. | |||||
| CVE-2021-3619 | 1 Rapid7 | 1 Velociraptor | 2021-08-02 | 3.5 LOW | 4.8 MEDIUM |
| Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to Velociraptor are nearly always reserved for trusted and verified users with IT security backgrounds. | |||||
| CVE-2020-7390 | 1 Sage | 2 Syracuse, X3 | 2021-08-02 | 3.5 LOW | 5.4 MEDIUM |
| Sage X3 Stored XSS Vulnerability on ‘Edit’ Page of User Profile. An authenticated user can pass XSS strings to the "First Name," "Last Name," and "Email Address" fields of this web application component. Updates are available for on-premises versions of Version 12 (components shipped with Syracuse 12.10.0 and later) of Sage X3. Other on-premises versions of Sage X3 are unaffected or unsupported by the vendor. | |||||
| CVE-2021-37463 | 1 Nchsoftware | 1 Quorum | 2021-07-30 | 3.5 LOW | 5.4 MEDIUM |
| In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored). | |||||
| CVE-2021-37464 | 1 Nchsoftware | 1 Quorum | 2021-07-30 | 3.5 LOW | 5.4 MEDIUM |
| In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored). | |||||
| CVE-2021-26224 | 1 Fantastic Blog Project | 1 Fantastic Blog | 2021-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 allows remote attackers to inject arbitrary web script or HTML via the search field to search.php. | |||||
| CVE-2021-37465 | 1 Nchsoftware | 1 Quorum | 2021-07-30 | 3.5 LOW | 5.4 MEDIUM |
| In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected). | |||||
| CVE-2021-37466 | 1 Nchsoftware | 1 Quorum | 2021-07-30 | 3.5 LOW | 5.4 MEDIUM |
| In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected). | |||||
| CVE-2021-25197 | 1 Content Management System Project | 1 Content Management System | 2021-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management_system\admin\new_content.php | |||||
| CVE-2021-27332 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2021-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the class_name parameter to update_class.php. | |||||
| CVE-2021-37467 | 1 Nchsoftware | 1 Quorum | 2021-07-30 | 3.5 LOW | 5.4 MEDIUM |
| In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected). | |||||
| CVE-2021-37470 | 1 Nchsoftware | 1 Webdictate | 2021-07-30 | 3.5 LOW | 5.4 MEDIUM |
| In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript. | |||||
| CVE-2021-30049 | 1 Sysaid | 1 Sysaid | 2021-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI. | |||||
| CVE-2021-26230 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2021-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to save_user.php. | |||||
| CVE-2021-26227 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2021-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the student information parameters to edit_stud.php. | |||||
| CVE-2014-6393 | 1 Openjsf | 1 Express | 2021-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via characters in a non-standard encoding. | |||||
| CVE-2020-23234 | 1 Lavalite | 1 Lavalite | 2021-07-30 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in LavaLite CMS 5.8.0 via the Menu Blocks feature, which can be bypassed by using HTML event handlers, such as "ontoggle,". | |||||
| CVE-2021-32745 | 1 Collabora | 1 Online | 2021-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Collabora Online is a collaborative online office suite. A reflected XSS vulnerability was found in Collabora Online prior to version 6.4.9-5. An attacker could inject unescaped HTML into a variable as they created the Collabora Online iframe, and execute scripts inside the context of the Collabora Online iframe. This would give access to a small set of user settings stored in the browser, as well as the session's authentication token which was also passed in at iframe creation time. The issue is patched in Collabora Online 6.4.9-5. Collabora Online 4.2 is not affected. | |||||
| CVE-2020-25205 | 1 Mimosa | 6 B5, B5 Firmware, B5c and 3 more | 2021-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The web console for Mimosa B5, B5c, and C5x firmware through 2.8.0.2 is vulnerable to stored XSS in the set_banner() function of /var/www/core/controller/index.php. An unauthenticated attacker may set the contents of the /mnt/jffs2/banner.txt file, stored on the device's filesystem, to contain arbitrary JavaScript. The file contents are then used as part of a welcome/banner message presented to unauthenticated users who visit the login page for the web console. This vulnerability does not occur in the older 1.5.x firmware versions. | |||||
| CVE-2020-23238 | 1 Evo | 1 Evolution Cms | 2021-07-30 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Evolution CMS 2.0.2 via the Document Manager feature. | |||||
| CVE-2020-23239 | 1 Textpattern | 1 Textpattern | 2021-07-30 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Textpattern CMS 4.8.1 via Custom fields in the Menu Preferences feature. | |||||
| CVE-2020-23240 | 1 Cmsmadesimple | 1 Cms Made Simple | 2021-07-30 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 via the Logic field in the Content Manager feature. | |||||
| CVE-2020-23241 | 1 Cmsmadesimple | 1 Cms Made Simple | 2021-07-30 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in CMS Made Simple 2.2.14 in "Extra" via "News > Article" feature. | |||||
| CVE-2020-23242 | 1 Naviwebs | 1 Navigatecms | 2021-07-30 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 when performing a Create or Edit via the Tools feature. | |||||
| CVE-2020-23243 | 1 Naviwebs | 1 Navigatecms | 2021-07-30 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in NavigateCMS 2.9 via the name="wrong_path_redirect" feature. | |||||
| CVE-2019-9978 | 1 Warfareplugins | 2 Social Warfare, Social Warfare Pro | 2021-07-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| The social-warfare plugin before 3.5.3 for WordPress has stored XSS via the wp-admin/admin-post.php?swp_debug=load_options swp_url parameter, as exploited in the wild in March 2019. This affects Social Warfare and Social Warfare Pro. | |||||
| CVE-2021-26799 | 1 Omeka | 1 Omeka | 2021-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML. | |||||
| CVE-2021-32667 | 1 Typo3 | 1 Typo3 | 2021-07-29 | 3.5 LOW | 5.4 MEDIUM |
| TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded, corresponding page preview module (_Web>View_) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue. | |||||
| CVE-2021-32668 | 1 Typo3 | 1 Typo3 | 2021-07-29 | 3.5 LOW | 4.8 MEDIUM |
| TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components _QueryGenerator_ and _QueryView_ are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue. | |||||
| CVE-2021-32669 | 1 Typo3 | 1 Typo3 | 2021-07-29 | 3.5 LOW | 5.4 MEDIUM |
| TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this vulnerability. | |||||
| CVE-2020-22148 | 1 Piwigo | 1 Piwigo | 2021-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in /admin.php?page=tags of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2020-22150 | 1 Piwigo | 1 Piwigo | 2021-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross site scripting (XSS) vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2021-27517 | 1 Foxit | 2 Phantompdf, Reader | 2021-07-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API). | |||||
| CVE-2021-27338 | 1 Faraday | 1 Edge | 2021-07-29 | 3.5 LOW | 5.4 MEDIUM |
| Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter. | |||||
| CVE-2021-28114 | 1 Froala | 1 What You See Is What You Get Editor | 2021-07-28 | 3.5 LOW | 5.4 MEDIUM |
| Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing. | |||||
| CVE-2021-3135 | 1 Tagdiv | 1 Newspaper | 2021-07-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call. | |||||
| CVE-2021-26082 | 1 Atlassian | 2 Data Center, Jira | 2021-07-28 | 3.5 LOW | 5.4 MEDIUM |
| The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability. | |||||
| CVE-2021-26083 | 1 Atlassian | 2 Data Center, Jira | 2021-07-28 | 3.5 LOW | 5.4 MEDIUM |
| Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2021-37450 | 1 Nchsoftware | 1 Ivm Attendant | 2021-07-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected). | |||||
| CVE-2021-37453 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored). | |||||
| CVE-2021-37451 | 1 Nchsoftware | 1 Ivm Attendant | 2021-07-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected). | |||||
| CVE-2021-37454 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored). | |||||
| CVE-2021-37455 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored). | |||||
| CVE-2021-37456 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored). | |||||
| CVE-2021-37457 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored). | |||||
| CVE-2021-37458 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored). | |||||
| CVE-2021-37459 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored). | |||||
| CVE-2021-37460 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected). | |||||
| CVE-2021-37461 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected). | |||||
| CVE-2021-37462 | 1 Nchsoftware | 1 Axon Pbx | 2021-07-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected). | |||||
