Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2017-13678 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2021-07-08 | 3.5 LOW | 4.8 MEDIUM |
| Stored XSS vulnerability in the Symantec Advanced Secure Gateway (ASG) and ProxySG management consoles. A malicious appliance administrator can inject arbitrary JavaScript code in the management console web client application. | |||||
| CVE-2016-10257 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2021-07-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Symantec Advanced Secure Gateway (ASG) 6.6, ASG 6.7 (prior to 6.7.2.1), ProxySG 6.5 (prior to 6.5.10.6), ProxySG 6.6, and ProxySG 6.7 (prior to 6.7.2.1) management console is susceptible to a reflected XSS vulnerability. A remote attacker can use a crafted management console URL in a phishing attack to inject arbitrary JavaScript code into the management console web client application. This is a separate vulnerability from CVE-2016-10256. | |||||
| CVE-2018-18370 | 1 Broadcom | 2 Advanced Secure Gateway, Symantec Proxysg | 2021-07-08 | 4.3 MEDIUM | 6.1 MEDIUM |
| The ASG/ProxySG FTP proxy WebFTP mode allows intercepting FTP connections where a user accesses an FTP server via a ftp:// URL in a web browser. A stored cross-site scripting (XSS) vulnerability in the WebFTP mode allows a remote attacker to inject malicious JavaScript code in ASG/ProxySG's web listing of a remote FTP server. Exploiting the vulnerability requires the attacker to be able to upload crafted files to the remote FTP server. Affected versions: ASG 6.6 and 6.7 prior to 6.7.4.2; ProxySG 6.5 prior to 6.5.10.15, 6.6, and 6.7 prior to 6.7.4.2. | |||||
| CVE-2021-20750 | 1 Ec-cube | 1 Ec-cube | 2021-07-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation. | |||||
| CVE-2021-20751 | 1 Ec-cube | 1 Ec-cube | 2021-07-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in EC-CUBE EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific operation. | |||||
| CVE-2021-20749 | 1 Nendeb | 3 Fudousan Plugin, Fudousan Plugin Pro Multi-user, Fudousan Plugin Pro Single-user | 2021-07-07 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in Fudousan plugin ver5.7.0 and earlier, Fudousan Plugin Pro Single-User Type ver5.7.0 and earlier, and Fudousan Plugin Pro Multi-User Type ver5.7.0 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-28424 | 1 Teachers Record Management System Project | 1 Teachers Record Management System | 2021-07-07 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php. | |||||
| CVE-2021-24407 | 1 Tielabs | 1 Jannah | 2021-07-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Jannah WordPress theme before 5.4.5 did not properly sanitize the 'query' POST parameter in its tie_ajax_search AJAX action, leading to a Reflected Cross-site Scripting (XSS) vulnerability. | |||||
| CVE-2021-35440 | 1 Smashing Project | 1 Smashing | 2021-07-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment (e.g. if re-using internal URL's for deploying, or cookies that are very permissive) private information may be retrieved by the attacker. | |||||
| CVE-2021-26035 | 1 Joomla | 1 Joomla\! | 2021-07-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to a XSS vulnerability. | |||||
| CVE-2020-22251 | 1 Phplist | 1 Phplist | 2021-07-07 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in phpList 3.5.3 via the login name field in Manage Administrators when adding a new admin. | |||||
| CVE-2021-26039 | 1 Joomla | 1 Joomla\! | 2021-07-07 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability. | |||||
| CVE-2021-36130 | 1 Mediawiki | 1 Mediawiki | 2021-07-07 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate across many pages for many users. | |||||
| CVE-2021-36131 | 1 Mediawiki | 1 Mediawiki | 2021-07-07 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users. | |||||
| CVE-2020-4935 | 2 Ibm, Microsoft | 2 Datacap Navigator, Windows | 2021-07-07 | 3.5 LOW | 5.4 MEDIUM |
| IBM Datacap Fastdoc Capture (IBM Datacap Navigator 9.1.7 ) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 191753. | |||||
| CVE-2021-28803 | 1 Qnap | 1 Q\'center | 2021-07-07 | 3.5 LOW | 5.4 MEDIUM |
| This issue affects: QNAP Systems Inc. Q'center versions prior to 1.11.1004. | |||||
| CVE-2021-20752 | 1 Ikalka Rss Reader Project | 1 Ikalka Rss Reader | 2021-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in IkaIka RSS Reader all versions allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-32735 | 1 Getkirby | 1 Kirby | 2021-07-06 | 3.5 LOW | 5.4 MEDIUM |
| Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's `ListItem` component (used in the pages and files section for example) displayed HTML in page titles as it is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can escalate their privileges if they get access to the Panel session of an admin user. Visitors without Panel access can use the attack vector if the site allows changing site data from a frontend form. Kirby 3.5.7 patches the vulnerability. As a partial workaround, site administrators can protect against attacks from visitors without Panel access by validating or sanitizing provided data from the frontend form. | |||||
| CVE-2020-36196 | 1 Qnap | 1 Qulog Center | 2021-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A stored XSS vulnerability has been reported to affect QNAP NAS running QuLog Center. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QuLog Center versions prior to 1.2.0. | |||||
| CVE-2020-36194 | 1 Qnap | 2 Qts, Quts Hero | 2021-07-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| An XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.2.1566 Build 20210202. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 build 20210414. This issue does not affect: QNAP Systems Inc. QTS 4.5.3. | |||||