Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-29104 | 1 Esri | 1 Arcgis Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application.
|
|||||
| CVE-2021-29103 | 1 Esri | 1 Arcgis Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.
|
|||||
| CVE-2021-29056 | 1 Pixelimity | 1 Pixelimity | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php.
|
|||||
| CVE-2021-29055 | 1 School File Management System Project | 1 School File Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php.
|
|||||
| CVE-2021-29046 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_asset_categories_admin_web_portlet_AssetCategoriesAdminPortlet_title parameter.
|
|||||
| CVE-2021-29045 | 1 Liferay | 2 Dxp, Liferay Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_redirect_web_internal_portlet_RedirectPortlet_destinationURL parameter.
|
|||||
| CVE-2021-29039 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name.
|
|||||
| CVE-2021-29033 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/edit_group.php URI.
|
|||||
| CVE-2021-29032 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI.
|
|||||
| CVE-2021-29031 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/users_import.php URI.
|
|||||
| CVE-2021-29030 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI.
|
|||||
| CVE-2021-29029 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI.
|
|||||
| CVE-2021-29028 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/user_activity.php URI.
|
|||||
| CVE-2021-29027 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI.
|
|||||
| CVE-2021-29026 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI.
|
|||||
| CVE-2021-29025 | 1 Bitweaver | 1 Bitweaver | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/my_images.php URI.
|
|||||
| CVE-2021-29011 | 1 Dmasoftlab | 1 Dma Radius Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting (XSS) via the description, name, or address field (under admin.php).
|
|||||
| CVE-2021-29010 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter.
|
|||||
| CVE-2021-29009 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter.
|
|||||
| CVE-2021-29008 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "to_time" parameter.
|
|||||
| CVE-2021-29002 | 1 Plone | 1 Plone | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter.
|
|||||
| CVE-2021-28977 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Cross Site Scripting vulnerability in GetSimpleCMS 3.3.16 in admin/upload.php by adding comments or jpg and other file header information to the content of xla, pages, and gzip files,
|
|||||
| CVE-2021-28975 | 1 Wpmailster | 1 Wp Mailster | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mst_servers page, for a crafted server_host, server_name, or connection_parameter parameter.
|
|||||
| CVE-2021-28968 | 1 Gnu | 1 Punbb | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in PunBB before 1.4.6. An XSS vulnerability in the [email] BBcode tag allows (with authentication) injecting arbitrary JavaScript into any forum message.
|
|||||
| CVE-2021-28935 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
CMS Made Simple (CMSMS) 2.2.15 allows authenticated XSS via the /admin/addbookmark.php script through the Site Admin > My Preferences > Title field.
|
|||||
| CVE-2021-28924 | 1 Nagios | 1 Network Analyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page.
|
|||||
| CVE-2021-28901 | 1 Sitasoftware | 1 Azurcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the (1) NOM_CLI , (2) ADRESSE , (3) ADRESSE2, (4) LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the (5) nom_liste parameter to /eshop/products/json/addCustomerFavorite.
|
|||||
| CVE-2021-28833 | 1 Increments | 1 Qiita\ | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796.
|
|||||
| CVE-2021-28827 | 1 Tibco | 2 Administrator, Runtime Agent | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
|
The Administration GUI component of TIBCO Software Inc.'s TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition Distribution for TIBCO Silver Fabric, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Administrator - Enterprise Edition for z/Linux, TIBCO Runtime Agent, TIBCO Runtime Agent, TIBCO Runtime Agent for z/Linux, and TIBCO Runtime ...
Show More |
|||||
| CVE-2021-28807 | 1 Qnap | 4 Q\'center, Qts, Quts Hero and 1 more | 2024-11-21 | 3.5 LOW | 7.7 HIGH |
|
A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already fixed this vulnerability in the following versions of Q’center: QTS 4.5.3: Q’center v1.12.1012 and later QTS 4.3.6: Q’center v1.10.1004 and later QTS 4.3.3: Q’center v1.10.1004 and later QuTS hero h4.5.2: Q’center v1.12.1012 and later QuTScloud c4.5.4: Q’center v1.12.1012 and later
|
|||||
| CVE-2021-28806 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM |
|
A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.3.1652 Build 20210428. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 Build 20210414. QNAP Systems Inc. QuTScloud versions prior to c4.5.5.1656 Build 20210503. This issue does not affect: QNAP Systems Inc. QTS 4.3.6; 4.3.3.
|
|||||
| CVE-2021-28803 | 1 Qnap | 1 Q\'center | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
This issue affects: QNAP Systems Inc. Q'center versions prior to 1.11.1004.
|
|||||
| CVE-2021-28796 | 1 Increments | 1 Qiita\ | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Increments Qiita::Markdown before 0.33.0 allows XSS in transformers.
|
|||||
| CVE-2021-28556 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 6.9 MEDIUM |
|
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation could lead to arbitrary JavaScript execution by an unauthenticated attacker. User interaction is required for successful exploitation.
|
|||||
| CVE-2021-28461 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 3.5 LOW | 6.1 MEDIUM |
|
Dynamics Finance and Operations Cross-site Scripting Vulnerability
|
|||||
| CVE-2021-28459 | 1 Microsoft | 1 Azure Devops Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Azure DevOps Server Spoofing Vulnerability
|
|||||
| CVE-2021-28424 | 1 Phpgurukul | 1 Teachers Record Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php.
|
|||||
| CVE-2021-28420 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter.
|
|||||
| CVE-2021-28418 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter.
|
|||||
| CVE-2021-28417 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter.
|
|||||