Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43692 | 1 Youtube-php-mirroring Project | 1 Youtube-php-mirroring | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php.
|
|||||
| CVE-2021-43690 | 1 Yurunproxy Project | 1 Yurunproxy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The exit function will terminate the script and print a message which have values from the socket_read.
|
|||||
| CVE-2021-43689 | 1 Manage Project | 1 Manage | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
manage (last update Oct 24, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script and print a message which have values from $_POST.
|
|||||
| CVE-2021-43687 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.
|
|||||
| CVE-2021-43686 | 1 Nzedb Project | 1 Nzedb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET['t'].
|
|||||
| CVE-2021-43683 | 1 Haschek | 1 Pictshare | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST['hash'].
|
|||||
| CVE-2021-43682 | 1 Thinkphp-bjyblog Project | 1 Thinkphp-bjyblog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to the user that contains $_SERVER['HTTP_HOST'].
|
|||||
| CVE-2021-43681 | 1 Zerodream | 1 Sakurapanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit function will terminate the script and print the message $data['proxy_name'].
|
|||||
| CVE-2021-43678 | 1 Wechat-php-sdk Project | 1 Wechat-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in Wechat.php.
|
|||||
| CVE-2021-43677 | 1 Fluxbb | 1 Fluxbb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2021-43675 | 1 Lycheeorg | 1 Lychee | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user.
|
|||||
| CVE-2021-43673 | 1 Dzzoffice | 1 Dzzoffice | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)).
|
|||||
| CVE-2021-43661 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp.
|
|||||
| CVE-2021-43659 | 1 Halo | 1 Halo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability.
|
|||||
| CVE-2021-43633 | 1 Messaging Web Application Project | 1 Messaging Web Application | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. If a sender inserts valid scripts into the chat, the script will be executed on the receiver chat.
|
|||||
| CVE-2021-43574 | 1 Atmail | 1 Atmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
|
|||||
| CVE-2021-43561 | 1 Pega-sus | 1 Google For Jobs | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability.
|
|||||
| CVE-2021-43558 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.
|
|||||
| CVE-2021-43551 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim's user permissions.
|
|||||
| CVE-2021-43549 | 1 Osisoft | 1 Pi Web Api | 2024-11-21 | 3.5 LOW | 6.9 MEDIUM |
|
A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker or be provided with false information.
|
|||||
| CVE-2021-43544 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95.
|
|||||
| CVE-2021-43543 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95.
|
|||||
| CVE-2021-43530 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94.
|
|||||
| CVE-2021-43505 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Ssourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice.
|
|||||
| CVE-2021-43462 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter.
|
|||||
| CVE-2021-43461 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter.
|
|||||
| CVE-2021-43459 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters.
|
|||||
| CVE-2021-43441 | 1 Iorder Project | 1 Iorder | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
|
An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious HTML codes via the signup form
|
|||||
| CVE-2021-43440 | 1 Iorder Project | 1 Iorder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 allow remote attackers to execute arbitrary code via signup form in the Name and Phone number field.
|
|||||
| CVE-2021-43439 | 1 Iresturant Project | 1 Iresturant | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
|
RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely
|
|||||
| CVE-2021-43438 | 1 Iresturant Project | 1 Iresturant | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to Inject Arbitrary code via NAME and ADDRESS field
|
|||||
| CVE-2021-43436 | 1 Iresturant Project | 1 Iresturant | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed.
|
|||||
| CVE-2021-43432 | 1 Exrick | 1 Xmall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp.
|
|||||
| CVE-2021-43409 | 1 Wpo365 | 1 Wordpress \+ Azure Ad \/ Microsoft Office 365 | 2024-11-21 | 4.3 MEDIUM | 9.3 CRITICAL |
|
The “WPO365 | LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other appl ...
Show More |
|||||
| CVE-2021-43334 | 1 Buddyboss | 1 Buddyboss | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field.
|
|||||
| CVE-2021-43331 | 2 Debian, Gnu | 2 Debian Linux, Mailman | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS.
|
|||||
| CVE-2021-43324 | 1 Librenms | 1 Librenms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
LibreNMS through 21.10.2 allows XSS via a widget title.
|
|||||
| CVE-2021-43295 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module.
|
|||||
| CVE-2021-43294 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module.
|
|||||
| CVE-2021-43288 | 1 Thoughtworks | 1 Gocd | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report.
|
|||||