Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-34815 | 1 Checksec | 1 Canopy | 2021-06-21 | 3.5 LOW | 4.8 MEDIUM | CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter.
CVE-2018-12715 | 1 Digisol | 2 Dg-hr3400, Dg-hr3400 Firmware | 2021-06-21 | 4.3 MEDIUM | 6.1 MEDIUM | DIGISOL DG-HR3400 devices have XSS via a modified SSID when the apssid value is unchanged.
CVE-2021-24346 | 1 Stock In & Out Project | 1 Stock In & Out | 2021-06-21 | 3.5 LOW | 5.4 MEDIUM | The Stock in & out WordPress plugin through 1.0.4 has a search functionality, the lowest accessible level to it being contributor. The srch POST parameter is not validated, sanitised or escaped before being used in the echo statement, leading to a reflected XSS issue.
CVE-2020-13688 | 1 Drupal | 1 Drupal | 2021-06-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting vulnerability in Drupal Core: an attacker could leverage the way that HTML is rendered for affected forms in order to exploit the vulnerability. This issue affects: Drupal Core 8.8.X versions prior to 8.8.10; 8.9.X versions prior to 8.9.6; 9.0.X versions prior to 9.0.6.
CVE-2021-26829 | 1 Openplcproject | 1 Scadabr | 2021-06-21 | 3.5 LOW | 5.4 MEDIUM | OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm.
CVE-2021-34540 | 1 Advantech | 1 Webaccess | 2021-06-21 | 4.3 MEDIUM | 6.1 MEDIUM | Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard.
CVE-2018-19942 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2021-06-21 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability has been reported to affect earlier versions of File Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions: QTS 4.5.2.1566 build 20210202 (and later); QTS 4.5.1.1456 build 20201015 (and later); QTS 4.3.6.1446 build 20200929 (and later); QTS 4.3.4.1463 build 20201006 (and later); QTS 4.3.3.1432 build 20201006 (and later); QTS 4.2.6 build 20210327 (and later); QuTS hero h4.5.1.1472 build 20201031 (and later); QuTScloud c4.5.4.1601 build 20210309 (and later); QuTScloud c4.5.3.1454 build 20201013 (and later).
CVE-2020-2498 | 1 Qnap | 2 Qts, Quts Hero | 2021-06-21 | 4.3 MEDIUM | 6.1 MEDIUM | If exploited, this cross-site scripting vulnerability could allow remote attackers to inject malicious code in certificate configuration. QNAP have already fixed these vulnerabilities in the following versions of QTS and QuTS hero: QuTS hero h4.5.1.1472 build 20201031 and later; QTS 4.5.1.1456 build 20201015 and later; QTS 4.4.3.1354 build 20200702 and later; QTS 4.3.6.1333 build 20200608 and later; QTS 4.3.4.1368 build 20200703 and later; QTS 4.3.3.1315 build 20200611 and later; QTS 4.2.6 build 20200611 and later.
CVE-2020-2494 | 1 Qnap | 3 Music Station, Qts, Quts Hero | 2021-06-21 | 4.3 MEDIUM | 6.1 MEDIUM | This cross-site scripting vulnerability in Music Station allows remote attackers to inject malicious code. QNAP have already fixed this vulnerability in the following versions of Music Station: QuTS hero h4.5.1: Music Station 5.3.13 and later; QTS 4.5.1: Music Station 5.3.12 and later; QTS 4.4.3: Music Station 5.3.12 and later.
CVE-2021-24351 | 1 Posimyth | 1 The Plus Addons For Elementor | 2021-06-21 | 4.3 MEDIUM | 6.1 MEDIUM | The theplus_more_post AJAX action of The Plus Addons for Elementor Page Builder WordPress plugin before 4.1.12 did not properly sanitise some of its fields, leading to a reflected Cross-Site Scripting (exploitable on both unauthenticated and authenticated users).
CVE-2021-32244 | 1 Moodle | 1 Moodle | 2021-06-21 | 3.5 LOW | 5.4 MEDIUM | Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field.
CVE-2021-27479 | 1 Zoll | 1 Defibrillator Dashboard | 2021-06-21 | 3.5 LOW | 5.4 MEDIUM | ZOLL Defibrillator Dashboard, versions prior to 2.2: the affected product's web application could allow a low-privilege user to inject parameters containing malicious scripts to be executed by higher-privilege users.
CVE-2021-33557 | 1 Mantisbt | 1 Mantisbt | 2021-06-21 | 4.3 MEDIUM | 6.1 MEDIUM | An XSS issue was discovered in manage_custom_field_edit_page.php in MantisBT before 2.25.2. Unescaped output of the return parameter allows an attacker to inject code into a hidden input field.
CVE-2021-24357 | 1 Fooplugins | 1 Foogallery | 2021-06-17 | 3.5 LOW | 5.4 MEDIUM | In the Best Image Gallery & Responsive Photo Gallery – FooGallery WordPress plugin before 2.0.35, the Custom CSS field of each gallery is not properly sanitised or validated before being output in the page where the gallery is embedded, leading to a stored Cross-Site Scripting issue.
CVE-2021-24350 | 1 Bestwebsoft | 1 Visitors Online | 2021-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | The Visitors WordPress plugin through 0.3 is affected by an Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability. The plugin would display the user's user agent string without validation or encoding within the WordPress admin panel.
CVE-2020-35761 | 1 Bloofox | 1 Bloofoxcms | 2021-06-17 | 3.5 LOW | 5.4 MEDIUM | bloofoxCMS 0.5.2.1 is affected by XSS that allows remote attackers to execute arbitrary JS/HTML code.
CVE-2021-23848 | 1 Bosch | 10 Cpp13, Cpp13 Firmware, Cpp4 and 7 more | 2021-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | An error in the URL handler of Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute JavaScript code in the context of the user.
CVE-2019-25046 | 1 Cerberusftp | 1 Ftp Server | 2021-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | The Web Client in Cerberus FTP Server Enterprise before 10.0.19 and 11.x before 11.0.4 allows XSS via an SVG document.
CVE-2019-17573 | 2 Apache, Oracle | 7 Cxf, Commerce Guided Search, Communications Element Manager and 4 more | 2021-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | By default, Apache CXF creates a /services page containing a listing of the available endpoint names and addresses. This webpage is vulnerable to a reflected Cross-Site Scripting (XSS) attack, which allows a malicious actor to inject JavaScript into the web page. Please note that the attack exploits a feature which is typically not present in modern browsers, which remove dot segments before sending the request. However, mobile applications may be vulnerable.
CVE-2020-22789 | 1 Safe | 1 Fme Server | 2021-06-17 | 4.3 MEDIUM | 6.1 MEDIUM | Unauthenticated Stored XSS in FME Server versions 2019.2 and 2020.0 Beta allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via the login page. The XSS is executed when an administrator accesses the logs.