Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-37152 | 1 Sonatype | 1 Nexus Repository Manager | 2021-08-16 | 3.5 LOW | 5.4 MEDIUM |
| Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications. | |||||
| CVE-2020-18456 | 1 Pbootcms | 1 Pbootcms | 2021-08-16 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php. | |||||
| CVE-2021-38193 | 1 Ammonia Project | 1 Ammonia | 2021-08-16 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870. | |||||
| CVE-2021-38186 | 1 Comrak Project | 1 Comrak | 2021-08-14 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities. | |||||
| CVE-2018-17861 | 1 Sap | 1 J2ee Engine | 2021-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2018-17862 | 1 Sap | 1 J2ee Engine | 2021-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2018-17865 | 1 Sap | 1 J2ee Engine | 2021-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2020-21362 | 1 Maccms | 1 Maccms | 2021-08-13 | 3.5 LOW | 5.4 MEDIUM |
| A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter. | |||||
| CVE-2020-21930 | 1 Eyoucms | 1 Eyoucms | 2021-08-13 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2020-21929 | 1 Eyoucms | 1 Eyoucms | 2021-08-13 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2020-18446 | 1 Yunucms | 1 Yunucms | 2021-08-13 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php. | |||||
| CVE-2020-18449 | 1 Ukcms | 1 Ukcms | 2021-08-13 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php | |||||
| CVE-2020-18445 | 1 Yunucms | 1 Yunucms | 2021-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php. | |||||
| CVE-2020-18451 | 1 Damicms | 1 Damicms | 2021-08-13 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php. | |||||
| CVE-2021-32597 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2021-08-13 | 3.5 LOW | 5.4 MEDIUM |
| Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters. | |||||
| CVE-2021-38157 | 1 Leostream | 1 Connection Broker | 2021-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-37365 | 1 Ctparental Project | 1 Ctparental | 2021-08-13 | 4.3 MEDIUM | 6.1 MEDIUM |
| CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage. | |||||
| CVE-2021-35030 | 1 Zyxel | 24 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 21 more | 2021-08-13 | 2.3 LOW | 4.3 MEDIUM |
| A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet. | |||||
| CVE-2016-0919 | 1 Rsa | 1 Web Threat Detection | 2021-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| EMC RSA Web Threat Detection version 5.0, RSA Web Threat Detection version 5.1, RSA Web Threat Detection version 5.1.2 has a cross site scripting vulnerability that could potentially be exploited by malicious users to compromise the affected system. | |||||
| CVE-2017-8044 | 1 Vmware | 1 Single Sign-on For Pivotal Cloud Foundry | 2021-08-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Pivotal Single Sign-On for PCF (1.3.x versions prior to 1.3.4 and 1.4.x versions prior to 1.4.3), certain pages allow code to be injected into the DOM environment through query parameters, leading to XSS attacks. | |||||