Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38407 | 1 Deltaww | 1 Dialink | 2021-11-05 | 3.5 LOW | 4.8 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-38403 | 1 Deltaww | 1 Dialink | 2021-11-05 | 3.5 LOW | 4.8 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter supplier of the API maintenance, which may allow an attacker to remotely execute code. | |||||
| CVE-2021-38411 | 1 Deltaww | 1 Dialink | 2021-11-05 | 3.5 LOW | 4.8 MEDIUM |
| Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code. | |||||
| CVE-2020-23126 | 1 Chamilo | 1 Chamilo Lms | 2021-11-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Chamilo LMS version 1.11.10 contains an XSS vulnerability in the personal profile edition form, affecting the user him/herself and social network friends. | |||||
| CVE-2020-20982 | 1 Wdja | 1 Wdja Cms | 2021-11-04 | 6.8 MEDIUM | 9.6 CRITICAL |
| Cross Site Scripting (XSS) vulnerability in shadoweb wdja v1.5.1, allows attackers to execute arbitrary code and gain escalated privileges, via the backurl parameter to /php/passport/index.php. | |||||
| CVE-2021-3662 | 1 Hp | 2 Futuresmart 4, Futuresmart 5 | 2021-11-04 | 3.5 LOW | 5.4 MEDIUM |
| Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS). | |||||
| CVE-2021-36698 | 1 Artica | 1 Pandora Fms | 2021-11-04 | 3.5 LOW | 5.4 MEDIUM |
| Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name. | |||||
| CVE-2021-36176 | 1 Fortinet | 1 Fortiportal | 2021-11-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests. | |||||
| CVE-2021-43324 | 1 Librenms | 1 Librenms | 2021-11-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| LibreNMS through 21.10.2 allows XSS via a widget title. | |||||
| CVE-2020-15940 | 1 Fortinet | 1 Forticlient Enterprise Management Server | 2021-11-04 | 3.5 LOW | 5.4 MEDIUM |
| An improper neutralization of input vulnerability [CWE-79] in FortiClientEMS versions 6.4.1 and below and 6.2.9 and below may allow a remote authenticated attacker to inject malicious script/tags via the name parameter of various sections of the server. | |||||
| CVE-2020-23718 | 1 Zibbs Project | 1 Zibbs | 2021-11-03 | 6.8 MEDIUM | 9.6 CRITICAL |
| Cross site scripting (XSS) vulnerability in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the route parameter to index.php. | |||||
| CVE-2020-23719 | 1 Zibbs Project | 1 Zibbs | 2021-11-03 | 6.8 MEDIUM | 9.6 CRITICAL |
| Cross site scripting (XSS) vulnerability in application/controllers/AdminController.php in xujinliang zibbs 1.0, allows attackers to execute arbitrary code via the bbsmeta parameter. | |||||
| CVE-2020-23754 | 1 Php-fusion | 1 Phpfusion | 2021-11-03 | 6.8 MEDIUM | 9.6 CRITICAL |
| Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature. | |||||
| CVE-2019-5450 | 1 Nextcloud | 1 Nextcloud | 2021-11-03 | 4.6 MEDIUM | 6.8 MEDIUM |
| Improper sanitization of HTML in directory names in the Nextcloud Android app prior to version 3.7.0 allowed to style the directory name in the header bar when using basic HTML. | |||||
| CVE-2021-29771 | 3 Ibm, Linux, Microsoft | 4 Aix, Infosphere Information Server, Linux Kernel and 1 more | 2021-11-03 | 3.5 LOW | 5.4 MEDIUM |
| IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2020-12814 | 1 Fortinet | 1 Fortianalyzer | 2021-11-03 | 3.5 LOW | 5.4 MEDIUM |
| A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiAnalyzer version 6.0.6 and below, version 6.4.4 allows attacker to execute unauthorized code or commands via specifically crafted requests to the web GUI. | |||||
| CVE-2021-31848 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2021-11-03 | 3.5 LOW | 5.4 MEDIUM |
| Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension. | |||||
| CVE-2021-24539 | 1 Dazzlersoftware | 1 Coming Soon\, Under Construction \& Maintenance Mode By Dazzler | 2021-11-03 | 2.1 LOW | 4.8 MEDIUM |
| The Coming Soon, Under Construction & Maintenance Mode By Dazzler WordPress plugin before 1.6.7 does not sanitise or escape its description setting when outputting it in the frontend when the Coming Soon mode is enabled, even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue | |||||
| CVE-2021-31862 | 1 Sysaid | 1 Sysaid | 2021-11-03 | 4.3 MEDIUM | 6.1 MEDIUM |
| SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication. | |||||
| CVE-2021-3441 | 1 Hp | 2 Officejet 7110, Officejet 7110 Firmware | 2021-11-03 | 3.5 LOW | 4.8 MEDIUM |
| A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS). | |||||