Total
38032 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46387 | 1 Zyxel | 2 Zywall 2 Plus Internet Security Appliance, Zywall 2 Plus Internet Security Appliance Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking. | |||||
| CVE-2021-46382 | 1 Netgear | 2 Wac120 Ac, Wac120 Ac Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking. | |||||
| CVE-2021-46372 | 1 Erudika | 1 Scoold | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When writing a Q&A, the markdown editor is vulnerable to a XSS attack when using uppercase letters. | |||||
| CVE-2021-46355 | 1 Factorfx | 1 Ocs Inventory | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting (XSS). | |||||
| CVE-2021-46253 | 1 Anchorcms | 1 Anchor Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML. | |||||
| CVE-2021-46251 | 1 Scratchoauth2 Project | 1 Scratchoauth2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | |||||
| CVE-2021-46163 | 1 Kentico | 1 Kentico Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Kentico Xperience 13.0.44 allows XSS via an XML document to the Media Libraries subsystem. | |||||
| CVE-2021-46150 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October. | |||||
| CVE-2021-46146 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file. | |||||
| CVE-2021-46144 | 2 Debian, Roundcube | 2 Debian Linux, Roundcube | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences. | |||||
| CVE-2021-46109 | 1 Asus | 1 Rt-ac52u B1 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Invalid input sanitizing leads to reflected Cross Site Scripting (XSS) in ASUS RT-AC52U_B1 3.0.0.4.380.10931 can lead to a user session hijack. | |||||
| CVE-2021-46108 | 1 Dlink | 2 Dsl-2730e, Dsl-2730e Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration. | |||||
| CVE-2021-46087 | 1 Jflyfox | 1 Jfinal Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In jfinal_cms >= 5.1 0, there is a storage XSS vulnerability in the background system of CMS. Because developers do not filter the parameters submitted by the user input form, any user with background permission can affect the system security by entering malicious code. | |||||
| CVE-2021-46084 | 1 Uscat Project | 1 Uscat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via "close registration information" input box. | |||||
| CVE-2021-46083 | 1 Uscat Project | 1 Uscat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| uscat, as of 2021-12-28, is vulnerable to Cross Site Scripting (XSS) via the input box of the statistical code. | |||||
| CVE-2021-46080 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. An successful CSRF attacks leads to Stored Cross Site Scripting Vulnerability. | |||||
| CVE-2021-46074 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel. | |||||
| CVE-2021-46073 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the User List Section in login panel. | |||||
| CVE-2021-46072 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel. | |||||
| CVE-2021-46071 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel. | |||||