Total: 38019 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-43505 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Multiple Cross Site Scripting (XSS) vulnerabilities exist in Sourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice. | |||||
CVE-2021-43462 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter. | |||||
CVE-2021-43461 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter. | |||||
CVE-2021-43459 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters. | |||||
CVE-2021-43441 | 1 Iorder Project | 1 Iorder | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious HTML codes via the signup form | |||||
CVE-2021-43440 | 1 Iorder Project | 1 Iorder | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 allow remote attackers to execute arbitrary code via signup form in the Name and Phone number field. | |||||
CVE-2021-43439 | 1 Iresturant Project | 1 Iresturant | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely | |||||
CVE-2021-43438 | 1 Iresturant Project | 1 Iresturant | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to Inject Arbitrary code via NAME and ADDRESS field | |||||
CVE-2021-43436 | 1 Iresturant Project | 1 Iresturant | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
MartDevelopers Inc iResturant v1.0 allows Stored XSS by placing a payload in the username field during a login attempt. When an administrator looks at the log of failed logins, the XSS payload will be executed. | |||||
CVE-2021-43432 | 1 Exrick | 1 Xmall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp. | |||||
CVE-2021-43409 | 1 Wpo365 | 1 Wordpress + Azure Ad / Microsoft Office 365 | 2024-11-21 | 4.3 MEDIUM | 9.3 CRITICAL |
The “WPO365 \| LOGIN” WordPress plugin (up to and including version 15.3) by wpo365.com is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. In this case, the XSS payload can be submitted by any anonymous user, the payload then renders and executes when a WordPress administrator authenticates and accesses the WordPress Dashboard. The injected payload can carry out actions on behalf of the administrator including adding other administrative users and changing application settings. This flaw could be exploited to ultimately provide full control of the affected system to the attacker. | |||||
CVE-2021-43334 | 1 Buddyboss | 1 Buddyboss | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
BuddyBoss Platform through 1.8.0 allows XSS via the Group Name or Group Description field. | |||||
CVE-2021-43331 | 2 Debian, Gnu | 2 Debian Linux, Mailman | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In GNU Mailman before 2.1.36, a crafted URL to the Cgi/options.py user options page can execute arbitrary JavaScript for XSS. | |||||
CVE-2021-43324 | 1 Librenms | 1 Librenms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
LibreNMS through 21.10.2 allows XSS via a widget title. | |||||
CVE-2021-43295 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module. | |||||
CVE-2021-43294 | 1 Zohocorp | 1 Manageengine Supportcenter Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module. | |||||
CVE-2021-43288 | 1 Thoughtworks | 1 Gocd | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report. | |||||
CVE-2021-43265 | 1 Mahara | 1 Mahara | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element. | |||||
CVE-2021-43198 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In JetBrains TeamCity before 2021.1.2, stored XSS is possible. | |||||
CVE-2021-43197 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS. |