Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-26812 | 1 Jitsi | 1 Meet | 2021-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application. | |||||
CVE-2021-27180 | 1 Altn | 1 Mdaemon | 2021-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user. | |||||
CVE-2021-27544 | 1 Phpgurukul Beauty Parlour Management System Project | 1 Phpgurukul Beauty Parlour Management System | 2021-04-21 | 3.5 LOW | 4.8 MEDIUM |
Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter. | |||||
CVE-2018-2504 | 1 Sap | 1 Netweaver Application Server Java | 2021-04-21 | 4.3 MEDIUM | 6.1 MEDIUM |
SAP NetWeaver AS Java Web Container service does not validate the HTTP Host header against a whitelist, which can result in an HTTP Host Header Manipulation or Cross-Site Scripting (XSS) vulnerability. This is fixed in versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50. | |||||
CVE-2020-21088 | 1 X2engine | 1 X2crm | 2021-04-20 | 3.5 LOW | 4.8 MEDIUM |
Cross Site Scripting (XSS) in X2engine X2CRM v7.1 and older allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "First Name" and "Last Name" fields in the "/index.php/contacts/create" page. | |||||
CVE-2021-28459 | 1 Microsoft | 1 Azure Devops Server | 2021-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Azure DevOps Server Spoofing Vulnerability | |||||
CVE-2021-27288 | 1 X2engine | 1 X2crm | 2021-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page. | |||||
CVE-2021-3243 | 1 Wfiltericf | 1 Wfilter Internet Content Filter | 2021-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system through its plugin-running function. | |||||
CVE-2017-11458 | 1 Sap | 1 Netweaver Application Server Java | 2021-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the ctcprotocol/Protocol servlet in SAP NetWeaver AS JAVA 7.3 allows remote attackers to inject arbitrary web script or HTML via the sessionID parameter, aka SAP Security Note 2406783. | |||||
CVE-2018-2452 | 1 Sap | 1 Netweaver Application Server Java | 2021-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
The logon application of SAP NetWeaver AS Java 7.10 to 7.11, 7.20, 7.30, 7.31, 7.40, 7.50 does not sufficiently encode user-controlled inputs, resulting in a cross-site scripting (XSS) vulnerability. | |||||
CVE-2016-3975 | 1 Sap | 1 Netweaver Application Server Java | 2021-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in SAP NetWeaver AS Java 7.1 through 7.5 allows remote attackers to inject arbitrary web script or HTML via the navigationTarget parameter to irj/servlet/prt/portal/prteventname/XXX/prtroot/com.sapportals.navigation.testComponent.NavigationURLTester, aka SAP Security Note 2238375. | |||||
CVE-2021-27601 | 1 Sap | 1 Netweaver Application Server Java | 2021-04-20 | 3.5 LOW | 5.4 MEDIUM |
SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this file, it results in a Cross-Site Scripting (XSS) vulnerability and the attacker can read and modify data. However, the attacker does not have control over kind or degree. | |||||
CVE-2021-24225 | 1 Elbtide | 1 Advanced Booking Calendar | 2021-04-20 | 3.5 LOW | 5.4 MEDIUM |
The Advanced Booking Calendar WordPress plugin before 1.6.7 did not sanitise the calId GET parameter in the "Seasons & Calendars" page before outputting it in an A tag, leading to a reflected XSS issue. | |||||
CVE-2008-1133 | 1 Drupal | 1 Drupal | 2021-04-20 | 4.3 MEDIUM | N/A |
The Drupal.checkPlain function in Drupal 6.0 only escapes the first instance of a character in ECMAScript, which allows remote attackers to conduct cross-site scripting (XSS) attacks. | |||||
CVE-2019-10909 | 2 Drupal, Sensiolabs | 2 Drupal, Symfony | 2021-04-20 | 3.5 LOW | 5.4 MEDIUM |
In Symfony before 2.7.51, 2.8.x before 2.8.50, 3.x before 3.4.26, 4.x before 4.1.12, and 4.2.x before 4.2.7, validation messages are not escaped, which can lead to XSS when user input is included. This is related to symfony/framework-bundle. | |||||
CVE-2017-11175 | 1 Siemens | 1 Fin Stack | 2021-04-20 | 4.3 MEDIUM | 6.1 MEDIUM |
In J2 Innovations FIN Stack 4.0, the authentication webform is vulnerable to reflected XSS via the query string to /login. | |||||
CVE-2021-25926 | 1 Sickrage | 1 Sickrage | 2021-04-19 | 4.3 MEDIUM | 6.1 MEDIUM |
In SiCKRAGE, versions 9.3.54.dev1 to 10.0.11.dev1 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly in the `quicksearch` feature. Therefore, an attacker can steal a user's sessionID to masquerade as a victim user, to carry out any actions in the context of the user. | |||||
CVE-2021-25925 | 1 Sickrage | 1 Sickrage | 2021-04-19 | 3.5 LOW | 5.4 MEDIUM |
In SiCKRAGE, versions 4.2.0 to 10.0.11.dev1 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly when processed by the server. Therefore, an attacker can inject arbitrary JavaScript code inside the application, and possibly steal a user’s sensitive information. | |||||
CVE-2020-28124 | 1 Lavalite | 1 Lavalite | 2021-04-19 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in LavaLite 5.8.0 via the Address field. | |||||
CVE-2008-3218 | 2 Drupal, Fedoraproject | 2 Drupal, Fedora | 2021-04-19 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Drupal 6.x before 6.3 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) free tagging taxonomy terms, which are not properly handled on node preview pages, and (2) unspecified OpenID values. |