Total
38032 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4018 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-46889 | 1 10web | 1 Photo Gallery | 2024-11-21 | N/A | 6.1 MEDIUM |
| The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693. | |||||
| CVE-2021-46888 | 1 Hledger | 1 Hledger | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function. | |||||
| CVE-2021-46827 | 1 Sync | 5 Oxygen Publishing Engine, Oxygen Xml Author, Oxygen Xml Developer and 2 more | 2024-11-21 | N/A | 6.1 MEDIUM |
| An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field. | |||||
| CVE-2021-46824 | 1 School File Management System Project | 1 School File Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php. | |||||
| CVE-2021-46782 | 1 Supsystic | 1 Price Table | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-46781 | 1 Subsystic | 1 Coming Soon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-46780 | 1 Supsystic | 1 Easy Google Maps | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting | |||||
| CVE-2021-46709 | 1 Phpliteadmin | 1 Phpliteadmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number). | |||||
| CVE-2021-46681 | 1 Artica | 1 Pandora Fms | 2024-11-21 | N/A | 4.0 MEDIUM |
| A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via module massive operation name field. | |||||
| CVE-2021-46680 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 4.0 MEDIUM |
| A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the module form name field. | |||||
| CVE-2021-46679 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 4.0 MEDIUM |
| A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via service elements. | |||||
| CVE-2021-46678 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 4.0 MEDIUM |
| A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the service name field. | |||||
| CVE-2021-46677 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 4.0 MEDIUM |
| A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field. | |||||
| CVE-2021-46676 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | N/A | 4.0 MEDIUM |
| A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the transactional maps name field. | |||||
| CVE-2021-46558 | 1 Issabel | 1 Pbx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields. | |||||
| CVE-2021-46557 | 1 Vicidial | 1 Vicidial | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Vicidial 2.14-783a was discovered to contain a cross-site scripting (XSS) vulnerability via the input tabs. | |||||
| CVE-2021-46447 | 1 Hhg-multistore | 1 Multistore | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under the Address Book module. | |||||
| CVE-2021-46437 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php. | |||||
| CVE-2021-46426 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality. | |||||