Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
---|---|---|---|---|---|---|
CVE-2021-21004 | 1 Phoenixcontact | 30 Fl Nat Smn 8tx, Fl Nat Smn 8tx-m, Fl Nat Smn 8tx-m Firmware and 27 more | 2021-07-01 | 4.3 MEDIUM | 6.1 MEDIUM | In Phoenix Contact FL SWITCH SMCS series products in multiple versions, an attacker may insert malicious code via LLDP frames into the web-based management, which could then be executed by the client. |
CVE-2021-32713 | 1 Shopware | 1 Shopware | 2021-07-01 | 3.5 LOW | 4.8 MEDIUM | Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS vulnerability in the administration. Users are recommended to update to version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview. |
CVE-2021-32702 | 1 Auth0 | 1 Nextjs-auth0 | 2021-07-01 | 4.3 MEDIUM | 6.1 MEDIUM | The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Versions before and including `1.4.1` are vulnerable to reflected XSS. An attacker can execute arbitrary code by providing an XSS payload in the `error` query parameter, which is then processed by the callback handler as an error message. You are affected by this vulnerability if you are using `@auth0/nextjs-auth0` version `1.4.1` or lower **unless** you are using custom error handling that does not return the error message in an HTML response. Upgrade to version `1.4.1` to resolve. The fix adds basic HTML escaping to the error message and should not impact your users. |
CVE-2021-3314 | 1 Oracle | 1 Glassfish Server | 2021-07-01 | 4.3 MEDIUM | 6.1 MEDIUM | ** UNSUPPORTED WHEN ASSIGNED ** Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. |
CVE-2020-21142 | 1 Ipfire | 1 Ipfire | 2021-07-01 | 4.3 MEDIUM | 6.1 MEDIUM | Cross Site Scripting (XSS) vulnerability in IPFire 2.23 via the IPFire web UI in mail.cgi. |
CVE-2020-22609 | 1 Enhancesoft | 1 Osticket | 2021-07-01 | 4.3 MEDIUM | 6.1 MEDIUM | Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter in include/class.queue.php. |
CVE-2021-35513 | 1 Mermaid Project | 1 Mermaid | 2021-07-01 | 4.3 MEDIUM | 6.1 MEDIUM | Mermaid before 8.11.0 allows XSS when the antiscript feature is used. |
CVE-2020-20640 | 1 Shopex | 1 Ecshop | 2021-07-01 | 4.3 MEDIUM | 6.1 MEDIUM | Cross Site Scripting (XSS) vulnerability in ECShop 4.0 due to security filtering issues in the user.php file: HTML entity encoding can be used to bypass the security policy of the safety.php file, triggering the XSS vulnerability. |
CVE-2020-22608 | 1 Enhancesoft | 1 Osticket | 2021-07-01 | 4.3 MEDIUM | 6.1 MEDIUM | Cross Site Scripting (XSS) vulnerability in Enhancesoft osTicket before v1.12.6 via the queue-name parameter to include/ajax.search.php. |
CVE-2021-35298 | 1 Zammad | 1 Zammad | 2021-07-01 | 4.3 MEDIUM | 6.1 MEDIUM | Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information. |
CVE-2021-20735 | 1 Ec-cube | 3 Delivery Slip Number, Delivery Slip Number Csv Bulk Registration, Delivery Slip Number Mail | 2021-07-01 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting vulnerability in ETUNA EC-CUBE plugins (Delivery slip number plugin (3.0 series) 1.0.10 and earlier, Delivery slip number csv bulk registration plugin (3.0 series) 1.0.8 and earlier, and Delivery slip number mail plugin (3.0 series) 1.0.8 and earlier) allows remote attackers to inject an arbitrary script by executing a specific operation on the management page of EC-CUBE. |
CVE-2020-26801 | 1 Tripplite | 2 Su2200rtxl2ua, Su2200rtxl2ua Firmware | 2021-07-01 | 3.5 LOW | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability was discovered in /Forms/device_vars_1 on TrippLite SU2200RTXL2Ua with firmware version 12.04.0055. This vulnerability allows authenticated attackers to obtain other users' information via a crafted POST request. |
CVE-2013-4608 | 2 Project-redcap, Vanderbilt | 2 Redcap, Redcap | 2021-07-01 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in REDCap before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via vectors involving the Graphical Data View & Descriptive Stats page. |
CVE-2012-6565 | 1 Vanderbilt | 1 Redcap | 2021-07-01 | 3.5 LOW | N/A | Cross-site scripting (XSS) vulnerability in REDCap before 4.14.3 allows remote authenticated users to inject arbitrary web script or HTML via uppercase characters in JavaScript events within user-defined labels. |
CVE-2012-6564 | 1 Vanderbilt | 1 Redcap | 2021-07-01 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in REDCap before 4.14.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
CVE-2013-4612 | 2 Project-redcap, Vanderbilt | 2 Redcap, Redcap | 2021-07-01 | 4.3 MEDIUM | N/A | Multiple cross-site scripting (XSS) vulnerabilities in REDCap before 5.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving different modules. |
CVE-2017-10962 | 1 Vanderbilt | 1 Redcap | 2021-07-01 | 4.3 MEDIUM | 6.1 MEDIUM | REDCap before 7.5.1 has XSS via the query string. |
CVE-2012-6566 | 1 Vanderbilt | 1 Redcap | 2021-07-01 | 4.3 MEDIUM | N/A | Cross-site scripting (XSS) vulnerability in REDCap before 4.14.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
CVE-2020-26713 | 1 Vanderbilt | 1 Redcap | 2021-07-01 | 4.3 MEDIUM | 6.1 MEDIUM | REDCap 10.3.4 contains an XSS vulnerability in the ToDoList function with the parameter sort. The information submitted by the user is immediately returned in the response without being escaped, leading to the reflected XSS vulnerability. Attackers can exploit the vulnerability to steal login session information or use the user's rights to perform unauthorized actions. |
CVE-2021-35475 | 1 Sas | 1 Environment Manager | 2021-07-01 | 3.5 LOW | 5.4 MEDIUM | SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties. |