Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29663 | 1 Course Registration Management System Project | 1 Course Registration Management System | 2021-04-06 | 3.5 LOW | 4.8 MEDIUM |
| CourseMS (aka Course Registration Management System) 2.1 is affected by cross-site scripting (XSS). When an attacker with access to an Admin account creates a Job Title in the Site area (aka the admin/add_jobs.php name parameter), they can insert an XSS payload. This payload will execute whenever anyone visits the registration page. | |||||
| CVE-2018-13380 | 1 Fortinet | 2 Fortios, Fortiproxy | 2021-04-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site Scripting (XSS) vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.7, 5.4.0 to 5.4.12, 5.2 and below and Fortinet FortiProxy 2.0.0, 1.2.8 and below under SSL VPN web portal allows attacker to execute unauthorized malicious script code via the error or message handling parameters. | |||||
| CVE-2019-12962 | 1 Livezilla | 1 Livezilla | 2021-04-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| LiveZilla Server before 8.0.1.1 is vulnerable to XSS in mobile/index.php via the Accept-Language HTTP header. | |||||
| CVE-2015-5532 | 1 Strangerstudios | 1 Paid Memberships Pro | 2021-04-06 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Paid Memberships Pro (PMPro) plugin before 1.8.4.3 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) s parameter to membershiplevels.php, (2) memberslist.php, or (3) orders.php in adminpages/ or the (4) edit parameter to adminpages/membershiplevels.php. | |||||
| CVE-2021-21418 | 1 Prestashop | 1 Ps Emailsubscription | 2021-04-06 | 3.5 LOW | 5.4 MEDIUM |
| ps_emailsubscription is a newsletter subscription module for the PrestaShop platform. An employee can inject javascript in the newsletter condition field that will then be executed on the front office The issue has been fixed in 2.6.1 | |||||
| CVE-2021-22993 | 1 F5 | 2 Big-ip Advanced Web Application Firewall, Big-ip Application Security Manager | 2021-04-05 | 6.8 MEDIUM | 8.8 HIGH |
| On BIG-IP Advanced WAF and BIG-IP ASM versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2, 14.1.x before 14.1.3.1, 13.1.x before 13.1.3.6, and 12.1.x before 12.1.5.3, DOM-based XSS on DoS Profile properties page. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-22994 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-04-05 | 4.3 MEDIUM | 6.1 MEDIUM |
| On BIG-IP versions 16.0.x before 16.0.1.1, 15.1.x before 15.1.2.1, 14.1.x before 14.1.4, 13.1.x before 13.1.3.6, 12.1.x before 12.1.5.3, and 11.6.x before 11.6.5.3, undisclosed endpoints in iControl REST allow for a reflected XSS attack, which could lead to a complete compromise of the BIG-IP system if the victim user is granted the admin role. This vulnerability is due to an incomplete fix for CVE-2020-5948. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated. | |||||
| CVE-2021-21635 | 1 Jenkins | 1 Rest List Parameter | 2021-04-05 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2021-27349 | 1 Algolplus | 1 Advanced Order Export | 2021-04-02 | 4.3 MEDIUM | 6.1 MEDIUM |
| Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727. | |||||
| CVE-2020-19617 | 1 Mblog Project | 1 Mblog | 2021-04-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the nickname field to /settings/profile. | |||||
| CVE-2020-19618 | 1 Mblog Project | 1 Mblog | 2021-04-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post content field to /post/editing. | |||||
| CVE-2020-19616 | 1 Mblog Project | 1 Mblog | 2021-04-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the post header field to /post/editing. | |||||
| CVE-2020-19619 | 1 Mblog Project | 1 Mblog | 2021-04-02 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in mblog 3.5 via the signature field to /settings/profile. | |||||
| CVE-2021-21398 | 1 Prestashop | 1 Prestashop | 2021-04-02 | 3.5 LOW | 5.4 MEDIUM |
| PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject HTML when the Grid Column Type DataColumn is badly used. The problem is fixed in 1.7.7.3 | |||||
| CVE-2021-21630 | 1 Jenkins | 1 Extra Columns | 2021-04-02 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2021-21628 | 1 Jenkins | 1 Build With Parameters | 2021-04-02 | 3.5 LOW | 5.4 MEDIUM |
| Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
| CVE-2021-27969 | 1 Boonex | 1 Dolphin | 2021-04-02 | 3.5 LOW | 4.8 MEDIUM |
| Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter. | |||||
| CVE-2020-25840 | 1 Microfocus | 1 Access Manager | 2021-04-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-Site scripting vulnerability in Micro Focus Access Manager product, affects all version prior to version 5.0. The vulnerability could cause configuration destruction. | |||||
| CVE-2020-25902 | 1 Blackboard | 1 Collaborate Ultra | 2021-04-01 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** DISPUTED ** Blackboard Collaborate Ultra 20.02 is affected by a cross-site scripting (XSS) vulnerability. The XSS payload will execute on the class room, which leads to stealing cookies from users who join the class. NOTE: Third-parties dispute the validity of this entry as a possible false positive during research. | |||||
| CVE-2021-26596 | 1 Nokia | 1 Netact | 2021-04-01 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used. | |||||