Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-25918 | 1 Open-emr | 1 Openemr | 2021-03-29 | 3.5 LOW | 4.8 MEDIUM |
| In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. | |||||
| CVE-2021-28247 | 1 Ca | 1 Ehealth Performance Manager | 2021-03-29 | 3.5 LOW | 5.4 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the platform users. The affected endpoints are: cgi/nhWeb with the parameter report, aviewbin/filtermibobjects.pl with the parameter namefilter, and aviewbin/query.pl with the parameters System, SystemText, Group, and GroupText. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-20681 | 1 Basercms | 1 Basercms | 2021-03-29 | 3.5 LOW | 5.4 MEDIUM |
| Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-20683 | 1 Basercms | 1 Basercms | 2021-03-29 | 3.5 LOW | 5.4 MEDIUM |
| Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2014-3786 | 1 Lucidcrew | 1 Pixie | 2021-03-29 | 4.3 MEDIUM | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1) uemail or (2) subject parameter in the Contact form to contact/. | |||||
| CVE-2017-7362 | 1 Lucidcrew | 1 Pixie | 2021-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pixie 1.0.4 allows an admin/index.php s=publish&m=dynamic&x= XSS attack. | |||||
| CVE-2017-7360 | 1 Lucidcrew | 1 Pixie | 2021-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. | |||||
| CVE-2017-7359 | 1 Lucidcrew | 1 Pixie | 2021-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. | |||||
| CVE-2017-7361 | 1 Lucidcrew | 1 Pixie | 2021-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. | |||||
| CVE-2017-7363 | 1 Lucidcrew | 1 Pixie | 2021-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pixie 1.0.4 allows an admin/index.php s=publish&m=module&x= XSS attack. | |||||
| CVE-2020-23517 | 1 Aryanic | 1 High Cms | 2021-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in Aryanic HighMail (High CMS) versions 2020 and before allows remote attackers to inject arbitrary web script or HTML, via 'user' to LoginForm. | |||||
| CVE-2021-22889 | 1 Revive-adserver | 1 Revive Adserver | 2021-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `statsBreakdown` parameter of stats.php (and possibly other scripts) due to single quotes not being escaped. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and pressing a certain key combination to execute injected JavaScript code. | |||||
| CVE-2021-22888 | 1 Revive-adserver | 1 Revive Adserver | 2021-03-26 | 4.3 MEDIUM | 6.1 MEDIUM |
| Revive Adserver before v5.2.0 is vulnerable to a reflected XSS vulnerability in the `status` parameter of campaign-zone-zones.php. An attacker could trick a user with access to the user interface of a Revive Adserver instance into clicking on a specifically crafted URL and execute injected JavaScript code. | |||||
| CVE-2018-10078 | 1 Vertiv | 1 Watchdog Console | 2021-03-26 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Geist WatchDog Console 3.2.2 allows remote authenticated administrators to inject arbitrary web script or HTML via a server description. | |||||
| CVE-2021-3124 | 1 Newtarget | 1 Custom Global Variables | 2021-03-26 | 3.5 LOW | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field. | |||||
| CVE-2021-29008 | 1 Seopanel | 1 Seo Panel | 2021-03-26 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "to_time" parameter. | |||||
| CVE-2021-29010 | 1 Seopanel | 1 Seo Panel | 2021-03-26 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter. | |||||
| CVE-2021-29009 | 1 Seopanel | 1 Seo Panel | 2021-03-26 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter. | |||||
| CVE-2020-19626 | 1 Craftcms | 1 Craft Cms | 2021-03-26 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in craftcms 3.1.31, allows remote attackers to inject arbitrary web script or HTML, via /admin/settings/sites/new. | |||||
| CVE-2021-21340 | 1 Typo3 | 1 Typo3 | 2021-03-26 | 3.5 LOW | 5.4 MEDIUM |
| TYPO3 is an open source PHP based web content management system. In TYPO3 before versions 10.4.14, 11.1.1 it has been discovered that database fields used as _descriptionColumn_ are vulnerable to cross-site scripting when their content gets previewed. A valid backend user account is needed to exploit this vulnerability. This is fixed in versions 10.4.14, 11.1.1 . | |||||