Total
38019 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43687 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie. | |||||
| CVE-2021-43686 | 1 Nzedb Project | 1 Nzedb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET['t']. | |||||
| CVE-2021-43683 | 1 Haschek | 1 Pictshare | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST['hash']. | |||||
| CVE-2021-43682 | 1 Thinkphp-bjyblog Project | 1 Thinkphp-bjyblog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to the user that contains $_SERVER['HTTP_HOST']. | |||||
| CVE-2021-43681 | 1 Zerodream | 1 Sakurapanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit function will terminate the script and print the message $data['proxy_name']. | |||||
| CVE-2021-43678 | 1 Wechat-php-sdk Project | 1 Wechat-php-sdk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in Wechat.php. | |||||
| CVE-2021-43677 | 1 Fluxbb | 1 Fluxbb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability. | |||||
| CVE-2021-43675 | 1 Lycheeorg | 1 Lychee | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user. | |||||
| CVE-2021-43673 | 1 Dzzoffice | 1 Dzzoffice | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)). | |||||
| CVE-2021-43661 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp. | |||||
| CVE-2021-43659 | 1 Halo | 1 Halo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability. | |||||
| CVE-2021-43633 | 1 Messaging Web Application Project | 1 Messaging Web Application | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. If a sender inserts valid scripts into the chat, the script will be executed on the receiver chat. | |||||
| CVE-2021-43574 | 1 Atmail | 1 Atmail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2021-43561 | 1 Pega-sus | 1 Google For Jobs | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability. | |||||
| CVE-2021-43558 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. | |||||
| CVE-2021-43551 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim's user permissions. | |||||
| CVE-2021-43549 | 1 Osisoft | 1 Pi Web Api | 2024-11-21 | 3.5 LOW | 6.9 MEDIUM |
| A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker or be provided with false information. | |||||
| CVE-2021-43544 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95. | |||||
| CVE-2021-43543 | 2 Debian, Mozilla | 4 Debian Linux, Firefox, Firefox Esr and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | |||||
| CVE-2021-43530 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94. | |||||