Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 37817 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-29103 1 Esri 1 Arcgis Server 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.
CVE-2021-29056 1 Pixelimity 1 Pixelimity 2024-11-21 3.5 LOW 4.8 MEDIUM
Cross Site Scripting (XSS) vulnerability exists in Pixelimity 1.0 via the HTTP POST parameter to admin/setting.php.
CVE-2021-29055 1 School File Management System Project 1 School File Management System 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Firtstname parameter to the Update Account form in student_profile.php.
CVE-2021-29046 1 Liferay 2 Dxp, Liferay Portal 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Asset module's category selector input field in Liferay Portal 7.3.5 and Liferay DXP 7.3 before fix pack 1, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_asset_categories_admin_web_portlet_AssetCategoriesAdminPortlet_title parameter.
CVE-2021-29045 1 Liferay 2 Dxp, Liferay Portal 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Redirect module's redirection administration page in Liferay Portal 7.3.2 through 7.3.5, and Liferay DXP 7.3 before fix pack 1 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_redirect_web_internal_portlet_RedirectPortlet_destinationURL parameter.
CVE-2021-29039 1 Liferay 1 Liferay Portal 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Cross-site scripting (XSS) vulnerability in the Asset module's categories administration page in Liferay Portal 7.3.4 allows remote attackers to inject arbitrary web script or HTML via the site name.
CVE-2021-29033 1 Bitweaver 1 Bitweaver 2024-11-21 3.5 LOW 4.8 MEDIUM
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/edit_group.php URI.
CVE-2021-29032 1 Bitweaver 1 Bitweaver 2024-11-21 3.5 LOW 4.8 MEDIUM
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/preferences.php URI.
CVE-2021-29031 1 Bitweaver 1 Bitweaver 2024-11-21 3.5 LOW 4.8 MEDIUM
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/users_import.php URI.
CVE-2021-29030 1 Bitweaver 1 Bitweaver 2024-11-21 3.5 LOW 4.8 MEDIUM
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/index.php URI.
CVE-2021-29029 1 Bitweaver 1 Bitweaver 2024-11-21 3.5 LOW 4.8 MEDIUM
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/edit_personal_page.php URI.
CVE-2021-29028 1 Bitweaver 1 Bitweaver 2024-11-21 3.5 LOW 4.8 MEDIUM
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/user_activity.php URI.
CVE-2021-29027 1 Bitweaver 1 Bitweaver 2024-11-21 3.5 LOW 4.8 MEDIUM
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/index.php URI.
CVE-2021-29026 1 Bitweaver 1 Bitweaver 2024-11-21 3.5 LOW 4.8 MEDIUM
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/admin/permissions.php URI.
CVE-2021-29025 1 Bitweaver 1 Bitweaver 2024-11-21 3.5 LOW 4.8 MEDIUM
A cross-site scripting (XSS) vulnerability in Bitweaver version 3.1.0 allows remote attackers to inject JavaScript via the /users/my_images.php URI.
CVE-2021-29011 1 Dmasoftlab 1 Dma Radius Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
DMA Softlab Radius Manager 4.4.0 is affected by Cross Site Scripting (XSS) via the description, name, or address field (under admin.php).
CVE-2021-29010 1 Seopanel 1 Seo Panel 2024-11-21 3.5 LOW 4.8 MEDIUM
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "report_type" parameter.
CVE-2021-29009 1 Seopanel 1 Seo Panel 2024-11-21 3.5 LOW 4.8 MEDIUM
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php in the "type" parameter.
CVE-2021-29008 1 Seopanel 1 Seo Panel 2024-11-21 3.5 LOW 4.8 MEDIUM
A cross-site scripting (XSS) issue in SEO Panel 4.8.0 allows remote attackers to inject JavaScript via webmaster-tools.php in the "to_time" parameter.
CVE-2021-29002 1 Plone 1 Plone 2024-11-21 3.5 LOW 5.4 MEDIUM
A stored cross-site scripting (XSS) vulnerability in Plone CMS 5.2.3 exists in site-controlpanel via the "form.widgets.site_title" parameter.