Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40975 | 1 Ecommerce-codeigniter-bootstrap Project | 1 Ecommerce-codeigniter-bootstrap | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to inject arbitrary web script or HTML via the search_title parameter. | |||||
| CVE-2021-41464 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. | |||||
| CVE-2021-41463 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter. | |||||
| CVE-2021-41465 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. | |||||
| CVE-2021-41467 | 1 Justwriting Project | 1 Justwriting | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter. | |||||
| CVE-2021-34354 | 1 Qnap | 2 Nas, Photo Station | 2021-10-04 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later | |||||
| CVE-2021-34356 | 1 Qnap | 2 Nas, Photo Station | 2021-10-04 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later | |||||
| CVE-2021-38675 | 1 Qnap | 2 Image2pdf, Nas | 2021-10-04 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later | |||||
| CVE-2021-34355 | 1 Qnap | 2 Nas, Photo Station | 2021-10-04 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10 ( 2021/08/19 ) and later Photo Station 5.7.13 ( 2021/08/19 ) and later Photo Station 6.0.18 ( 2021/09/01 ) and later | |||||
| CVE-2020-20799 | 1 Jeecms | 1 Jeecms | 2021-10-04 | 3.5 LOW | 5.4 MEDIUM |
| JeeCMS 1.0.1 contains a stored cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the commentText parameter. | |||||
| CVE-2021-40921 | 1 Detector Project | 1 Detector | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below version allows remote attackers to inject arbitrary web script or HTML via the cid parameter. | |||||
| CVE-2021-40922 | 1 Pixeline | 1 Bugs | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the last_name parameter. | |||||
| CVE-2021-40923 | 1 Pixeline | 1 Bugs | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the email parameter. | |||||
| CVE-2021-40924 | 1 Pixeline | 1 Bugs | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the first_name parameter. | |||||
| CVE-2021-40925 | 1 Faveohelpdesk | 1 Faveo | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $_SERVER["PHP_SELF"] parameter. | |||||
| CVE-2021-40926 | 1 Getid3 | 1 Getid3 | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter. | |||||
| CVE-2021-40927 | 1 Alfred-spotify-mini-player | 1 Alfred Spotify Mini Player | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter. | |||||
| CVE-2021-40928 | 1 Glimmrtv | 1 Flextv | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF parameter. | |||||
| CVE-2021-40968 | 1 Spotweb Project | 1 Spotweb | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2 parameter. | |||||
| CVE-2021-40970 | 1 Spotweb Project | 1 Spotweb | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. | |||||