Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-28054 | 1 Centreon | 1 Centreon | 2021-08-04 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter. | |||||
CVE-2021-21442 | 1 Otrs | 1 Time Accounting | 2021-08-04 | 4.3 MEDIUM | 5.4 MEDIUM |
In the project create screen it's possible to inject malicious JS code into certain fields. The code might be executed in the Reporting screen. This issue affects: OTRS AG Time Accounting: 7.0.x versions prior to 7.0.19. | |||||
CVE-2021-36092 | 1 Otrs | 1 Otrs | 2021-08-04 | 4.3 MEDIUM | 6.1 MEDIUM |
It's possible to create an email which contains a specially crafted link that can be used to perform an XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions. | |||||
CVE-2014-9224 | 2 Broadcom, Symantec | 2 Symantec Critical System Protection, Data Center Security | 2021-08-04 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in the ajaxswing webui in the Management Console server in the management server in Symantec Critical System Protection (SCSP) 5.2.9 through MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x through 6.0 MP1 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2021-37448 | 1 Nchsoftware | 1 Ivm Attendant | 2021-08-04 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored). | |||||
CVE-2021-37449 | 1 Nchsoftware | 1 Ivm Attendant | 2021-08-04 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmlist?folder= (reflected). | |||||
CVE-2016-6519 | 2 Openstack, Redhat | 2 Manila, Openstack | 2021-08-04 | 3.5 LOW | 5.4 MEDIUM |
Cross-site scripting (XSS) vulnerability in the "Shares" overview in Openstack Manila before 2.5.1 allows remote authenticated users to inject arbitrary web script or HTML via the Metadata field in the "Create Share" form. | |||||
CVE-2020-5004 | 1 Ibm | 9 Engineering Lifecycle Optimization - Engineering Insights, Engineering Requirements Quality Assistant On-premises, Engineering Test Management and 6 more | 2021-08-04 | 3.5 LOW | 5.4 MEDIUM |
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192957. | |||||
CVE-2020-20699 | 1 S-cms | 1 S-cms | 2021-08-03 | 3.5 LOW | 4.8 MEDIUM |
A cross site scripting (XSS) vulnerability in S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Copyright text box under Basic Settings. | |||||
CVE-2020-18158 | 1 Hucart | 1 Hucart | 2021-08-03 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in HuCart 5.7.4 via nickname in index.php. | |||||
CVE-2020-21854 | 1 Tidesec | 1 Wdscanner | 2021-08-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting vulnerability exists in WDScanner 1.1 in the system management page. | |||||
CVE-2020-15948 | 1 Egain | 1 Chat | 2021-08-03 | 4.3 MEDIUM | 6.1 MEDIUM |
eGain Chat 15.5.5 allows XSS via the Name (aka full_name) field. | |||||
CVE-2020-20700 | 1 S-cms | 1 S-cms | 2021-08-03 | 3.5 LOW | 4.8 MEDIUM |
A stored cross site scripting (XSS) vulnerability in /app/form_add/ of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the Title Entry text box. | |||||
CVE-2020-19118 | 1 Yzmcms | 1 Yzmcms | 2021-08-03 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in YzmCMS 5.2 via the site_code parameter in admin/index/init.html. | |||||
CVE-2020-20701 | 1 S-cms | 1 S-cms | 2021-08-03 | 3.5 LOW | 4.8 MEDIUM |
A stored cross site scripting (XSS) vulnerability in /app/config/ of S-CMS PHP v3.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2021-37534 | 1 Misp | 1 Misp | 2021-08-03 | 3.5 LOW | 5.4 MEDIUM |
app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster. | |||||
CVE-2020-22765 | 1 Nukeviet | 1 Nukeviet | 2021-08-03 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in NukeViet cms 4.4.0 via the editor in the News module. | |||||
CVE-2021-25791 | 1 Online Doctor Appointment System Php Full Source Code Project | 1 Online Doctor Appointment System Php Full Source Code | 2021-08-03 | 3.5 LOW | 5.4 MEDIUM |
Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allow authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields. | |||||
CVE-2021-1599 | 1 Cisco | 1 Unified Customer Voice Portal | 2021-08-03 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient input validation of a parameter that is used by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface, access sensitive, browser-based information, or cause an affected device to reboot under certain conditions. | |||||
CVE-2021-20112 | 1 Tecnick | 1 Tcexam | 2021-08-02 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_select_mediafile.php with a filename beginning with a period will be rendered as text/html. An attacker with access to tce_select_mediafile.php could upload a malicious JavaScript payload which would be triggered when another user views the file. |