Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-43686 | 1 Nzedb Project | 1 Nzedb | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET['t']. | |||||
CVE-2021-44277 | 1 Librenms | 1 Librenms | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php. | |||||
CVE-2021-43683 | 1 Haschek | 1 Pictshare | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST['hash']. | |||||
CVE-2021-43681 | 1 Zerodream | 1 Sakurapanel | 2021-12-03 | 4.3 MEDIUM | 6.1 MEDIUM |
SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit function will terminate the script and print the message $data['proxy_name']. | |||||
CVE-2021-23260 | 1 Craftercms | 1 Crafter Cms | 2021-12-03 | 3.5 LOW | 5.4 MEDIUM |
Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site. | |||||
CVE-2021-42112 | 1 Limesurvey | 1 Limesurvey | 2021-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. | |||||
CVE-2020-27193 | 2 Ckeditor, Oracle | 9 Ckeditor, Agile Plm, Application Express and 6 more | 2021-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Color Dialog plugin for CKEditor 4.15.0 allows remote attackers to run arbitrary web script after persuading a user to copy and paste crafted HTML code into one of editor inputs. | |||||
CVE-2021-36919 | 1 Getawesomesupport | 1 Awesome Support | 2021-12-02 | 3.5 LOW | 5.4 MEDIUM |
Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). | |||||
CVE-2021-3983 | 1 Kimai2 Project | 1 Kimai2 | 2021-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2021-3994 | 1 Django-helpdesk Project | 1 Django-helpdesk | 2021-12-02 | 6.8 MEDIUM | 9.6 CRITICAL |
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2021-25967 | 1 Okfn | 1 Ckan | 2021-12-02 | 3.5 LOW | 5.4 MEDIUM |
In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victim’s browser when they open the malicious profile picture. | |||||
CVE-2021-43690 | 1 Yurunproxy Project | 1 Yurunproxy | 2021-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The exit function will terminate the script and print a message which has values from socket_read. | |||||
CVE-2021-3985 | 1 Kimai | 1 Kimai2 | 2021-12-02 | 6.0 MEDIUM | 9.0 CRITICAL |
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2021-20847 | 1 Nttdocomo | 2 Wi-fi Station Sh-52a, Wi-fi Station Sh-52a Firmware | 2021-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Wi-Fi STATION SH-52A (38JP_1_11G, 38JP_1_11J, 38JP_1_11K, 38JP_1_11L, 38JP_1_26F, 38JP_1_26G, 38JP_1_26J, 38JP_2_03B, and 38JP_2_03C) allows a remote unauthenticated attacker to inject an arbitrary script via WebUI of the device. | |||||
CVE-2021-20855 | 1 Elecom | 4 Wrh-733gbk, Wrh-733gbk Firmware, Wrh-733gwh and 1 more | 2021-12-02 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
CVE-2021-4018 | 1 Snipeitapp | 1 Snipe-it | 2021-12-02 | 3.5 LOW | 5.4 MEDIUM |
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
CVE-2021-20857 | 1 Elecom | 2 Wrc-2533ghbk-i, Wrc-2533ghbk-i Firmware | 2021-12-02 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in ELECOM LAN router WRC-2533GHBK-I firmware v1.20 and prior allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
CVE-2021-20856 | 1 Elecom | 4 Wrh-733gbk, Wrh-733gbk Firmware, Wrh-733gwh and 1 more | 2021-12-02 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting vulnerability in ELECOM LAN routers (WRH-733GBK firmware v1.02.9 and prior and WRH-733GWH firmware v1.02.9 and prior) allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
CVE-2021-29849 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2021-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205281. | |||||
CVE-2021-43689 | 1 Manage Project | 1 Manage | 2021-12-02 | 4.3 MEDIUM | 6.1 MEDIUM |
manage (last update Oct 24, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script and print a message which has values from $_POST. |