Total: 37861 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-37377 | 1 Teradek | 2 Brik, Brik Firmware | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware version 7.2.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | |||||
CVE-2021-37376 | 1 Teradek | 6 Bond, Bond 2, Bond 2 Firmware and 3 more | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | |||||
CVE-2021-37375 | 1 Teradek | 4 Vidiu, Vidiu Firmware, Vidiu Mini and 1 more | 2024-11-21 | N/A | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vendor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | |||||
CVE-2021-37365 | 1 Ctparental Project | 1 Ctparental | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage. | |||||
CVE-2021-37330 | 1 Bookingcore | 1 Booking Core | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains JavaScript. Now if another user/admin views the profile and clicks to view his avatar, an XSS will trigger. | |||||
CVE-2021-37271 | 1 Baidu | 1 Ueditor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information. | |||||
CVE-2021-37267 | 1 Kindsoft | 1 Kindeditor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information. | |||||
CVE-2021-37216 | 1 Qsan | 4 Xn8008t, Xn8008t Firmware, Xn8024r and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
QSAN Storage Manager header page parameters do not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data. | |||||
CVE-2021-37211 | 1 Larvata | 1 Flygo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The bulletin function of Flygo does not filter special characters while a new announcement is added. Remote attackers can use the vulnerability with a general user’s credentials to inject JavaScript and execute stored XSS attacks. | |||||
CVE-2021-37195 | 1 Siemens | 1 Comos | 2024-11-21 | 2.6 LOW | 6.1 MEDIUM |
A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment. | |||||
CVE-2021-37152 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications. | |||||
CVE-2021-36950 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
CVE-2021-36946 | 1 Microsoft | 2 Dynamics 365 Business Central, Dynamics Nav | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | |||||
CVE-2021-36920 | 1 Wpchill | 1 Download Monitor | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Authenticated Reflected Cross-Site Scripting (XSS) vulnerability discovered in WordPress plugin Download Monitor (versions <= 4.4.6). | |||||
CVE-2021-36919 | 1 Getawesomesupport | 1 Awesome Support | 2024-11-21 | 3.5 LOW | 6.1 MEDIUM |
Multiple Authenticated Reflected Cross-Site Scripting (XSS) vulnerabilities in WordPress Awesome Support plugin (versions <= 6.0.6), vulnerable parameters (&id, &assignee). | |||||
CVE-2021-36914 | 1 Claderaform | 1 Calderawp License Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-Site Request Forgery (CSRF) vulnerability leading to Reflected Cross-Site Scripting (XSS) in CalderaWP License Manager (WordPress plugin) <= 1.2.11. | |||||
CVE-2021-36912 | 1 Google-news-sitemap Project | 1 Google-news-sitemap | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Stored Cross-Site Scripting (XSS) vulnerability in Andrea Pernici News Sitemap for Google plugin <= 1.0.16 on WordPress; attackers must have contributor or higher user role. | |||||
CVE-2021-36911 | 1 Comment Engine Pro Project | 1 Comment Engine Pro | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Stored Cross-Site Scripting (XSS) vulnerability discovered in WordPress Comment Engine Pro plugin (versions <= 1.0), could be exploited by users with Editor or higher role. | |||||
CVE-2021-36910 | 1 Wp-appbox Project | 1 Wp-appbox | 2024-11-21 | 3.5 LOW | 3.4 LOW |
Authenticated (admin user role) Stored Cross-Site Scripting (XSS) in WP-Appbox (WordPress plugin) <= 4.3.20. | |||||
CVE-2021-36905 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | N/A | 5.4 MEDIUM |
Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress. |