Total: 21765 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-24382 | 1 Nextendweb | 1 Smart Slider | 2021-06-22 | 3.5 LOW | 5.4 MEDIUM |
The Smart Slider 3 Free and Pro WordPress plugins before 3.5.0.9 did not sanitise the Project Name before outputting it back in the page, leading to a Stored Cross-Site Scripting issue. By default, only administrator users could access the affected functionality, limiting the exploitability of the vulnerability. However, some WordPress admins may allow lesser privileged users to access the plugin's functionality, in which case, privilege escalation could be performed. | |||||
CVE-2021-3535 | 1 Rapid7 | 1 Nexpose | 2021-06-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. This issue affects version 6.6.80 and prior, and is fixed in 6.6.81. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to the latest version. | |||||
CVE-2019-25047 | 1 Greenbone | 2 Greenbone Os, Greenbone Security Assistant | 2021-06-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad. | |||||
CVE-2020-21130 | 1 Hisiphp | 1 Hisiphp | 2021-06-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in HisiPHP 2.0.8 via the group name in addgroup.html. | |||||
CVE-2020-21517 | 1 Metinfo | 1 Metinfo | 2021-06-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php. | |||||
CVE-2021-31832 | 1 Mcafee | 1 Data Loss Prevention | 2021-06-22 | 3.5 LOW | 4.8 MEDIUM |
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine. | |||||
CVE-2021-27887 | 1 Hitachiabb-powergrids | 1 Ellipse Asset Performance Management | 2021-06-22 | 3.5 LOW | 5.4 MEDIUM |
Cross-site Scripting (XSS) vulnerability in the main dashboard of Ellipse APM versions allows an authenticated user or integrated application to inject malicious data into the application that can then be executed in a victim’s browser. This issue affects: Hitachi ABB Power Grids Ellipse APM 5.3 version 5.3.0.1 and prior versions; 5.2 version 5.2.0.3 and prior versions; 5.1 version 5.1.0.6 and prior versions. | |||||
CVE-2020-19202 | 1 Ipfire | 1 Ipfire | 2021-06-22 | 3.5 LOW | 5.4 MEDIUM |
An authenticated Stored XSS (Cross-site Scripting) exists in the "captive.cgi" Captive Portal via the "Title of Login Page" text box or "TITLE" parameter in IPFire 2.21 (x86_64) - Core Update 130. It allows an authenticated WebGUI user with privileges to execute Stored Cross-site Scripting in the Captive Portal page. | |||||
CVE-2017-6225 | 2 Broadcom, Brocade | 2 Fabric Operating System, Fabric Os | 2021-06-22 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the web-based management interface of Brocade Fibre Channel SAN products running Brocade Fabric OS (FOS) versions before 7.4.2b, 8.1.2 and 8.2.0 could allow remote attackers to execute arbitrary code or access sensitive browser-based information. | |||||
CVE-2020-35373 | 1 Fiyo | 1 Fiyo Cms | 2021-06-22 | 4.3 MEDIUM | 6.1 MEDIUM |
In Fiyo CMS 2.0.6.1, the 'tag' parameter results in an unauthenticated XSS attack. | |||||
CVE-2020-29215 | 1 Employee Management System Project | 1 Employee Management System | 2021-06-22 | 3.5 LOW | 5.4 MEDIUM |
A Cross Site Scripting vulnerability in SourceCodester Employee Management System 1.0 allows the user to execute alert messages via /Employee Management System/addemp.php on the admin account. | |||||
CVE-2021-21668 | 1 Jenkins | 1 Scriptler | 2021-06-22 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. | |||||
CVE-2021-21667 | 1 Jenkins | 1 Scriptler | 2021-06-22 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. | |||||
CVE-2021-1395 | 1 Cisco | 4 Packaged Contact Center Enterprise, Unified Contact Center Enterprise, Unified Contact Center Express and 1 more | 2021-06-22 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco Unified Intelligence Center could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of the interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | |||||
CVE-2020-21316 | 1 Zrlog | 1 Zrlog | 2021-06-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site scripting (XSS) vulnerability exists in the comment section in ZrLog 2.1.3, which allows remote attackers to inject arbitrary web script and steal administrator cookies via the nickname parameter and gain access to the admin panel. | |||||
CVE-2021-26834 | 1 Znote | 1 Znote | 2021-06-21 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately in markdown view mode. | |||||
CVE-2021-26835 | 1 Zettlr | 1 Zettlr | 2021-06-21 | 4.3 MEDIUM | 6.1 MEDIUM |
No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file. | |||||
CVE-2021-33347 | 1 Jpress | 1 Jpress | 2021-06-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the back end by means of a weak password, the stored XSS vulnerability can occur. | |||||
CVE-2021-31521 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2021-06-21 | 3.5 LOW | 5.4 MEDIUM |
Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal. | |||||
CVE-2021-33666 | 1 Sap | 1 Commerce Cloud | 2021-06-21 | 4.3 MEDIUM | 6.1 MEDIUM |
When SAP Commerce Cloud version 100 hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation. |