Total
38029 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-46065 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code. | |||||
| CVE-2021-46034 | 1 Forestblog Project | 1 Forestblog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A problem was found in ForestBlog, as of 2021-12-29, there is a XSS vulnerability that can be injected through the nickname input box. | |||||
| CVE-2021-46030 | 1 Javaquarkbbs Project | 1 Javaquarkbbs | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| There is a Cross Site Scripting attack (XSS) vulnerability in JavaQuarkBBS <= v2. By entering specific statements into the background tag management module, the attack statement will be stored in the database, and the next victim will be attacked when he accesses the tag module. | |||||
| CVE-2021-46025 | 1 Oneblog Project | 1 Oneblog | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Cross SIte Scripting (XSS) vulnerability exists in OneBlog <= 2.2.8. via the add function in the operation tab list in the background. | |||||
| CVE-2021-46005 | 1 Car Rental Management System Project | 1 Car Rental Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Sourcecodester Car Rental Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via vehicalorcview parameter. | |||||
| CVE-2021-45919 | 1 Std42 | 1 Elfinder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Studio 42 elFinder through 2.1.31 allows XSS via an SVG document. | |||||
| CVE-2021-45906 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. | |||||
| CVE-2021-45905 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. | |||||
| CVE-2021-45904 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. | |||||
| CVE-2021-45903 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268. | |||||
| CVE-2021-45895 | 1 Netgen | 1 Tags Bundle | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface. | |||||
| CVE-2021-45889 | 1 Ponton | 1 X\/p Messenger | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or private/index.jsp?activation/activationMainTab.jsp or private/index.jsp?communication/serverTab.jsp or private/index.jsp?emailNotification/notificationTab.jsp. | |||||
| CVE-2021-45888 | 1 Ponton | 1 X\/p Messenger | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in PONTON X/P Messenger before 3.11.2. The navigation tree that is shown on the left side of every page of the web application is vulnerable to XSS: it allows injection of JavaScript into its nodes. Creating such nodes is only possible for users who have the role Configuration Administrator or Administrator. | |||||
| CVE-2021-45866 | 1 Student Attendance Management System Project | 1 Student Attendance Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Student Attendance Management System 1.0 via the couse filed in index.php. | |||||
| CVE-2021-45843 | 1 Glfusion | 1 Glfusion | 2024-11-21 | N/A | 6.1 MEDIUM |
| glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (XSS) vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. This input was echoed unmodified in the application's response. | |||||
| CVE-2021-45822 | 1 Btiteam | 1 Xbtit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting vulnerability is present in Xbtit 3.1. The stored XSS vulnerability occurs because /ajaxchat/sendChatData.php does not properly validate the value of the "n" (POST) parameter. Through this vulnerability, an attacker is capable to execute malicious JavaScript code. | |||||
| CVE-2021-45815 | 1 Quectel | 2 Uc20, Uc20 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Scripting (XSS) vulnerability. | |||||
| CVE-2021-45813 | 1 Slican | 1 Webcti | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript codes which leads to Session Hijacking and cause user's credentials theft. | |||||
| CVE-2021-45812 | 1 Nuuo | 2 Nvrsolo, Nvrsolo Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript codes which leads to session hijacking. | |||||
| CVE-2021-45792 | 1 Slims | 1 Senayan Library Management System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php. | |||||