Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40924 | 1 Pixeline | 1 Bugs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the first_name parameter. | |||||
| CVE-2021-40923 | 1 Pixeline | 1 Bugs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the email parameter. | |||||
| CVE-2021-40922 | 1 Pixeline | 1 Bugs | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the last_name parameter. | |||||
| CVE-2021-40921 | 1 Detector Project | 1 Detector | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below version allows remote attackers to inject arbitrary web script or HTML via the cid parameter. | |||||
| CVE-2021-40910 | 1 Phpcms | 1 Phpcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side. | |||||
| CVE-2021-40909 | 1 Php Crud Without Refresh\/reload Using Ajax And Datatables Tutorial Project | 1 Php Crud Without Refresh\/reload Using Ajax And Datatables Tutorial | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud. | |||||
| CVE-2021-40906 | 2 Checkmk, Tribe29 | 2 Checkmk, Checkmk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts) or to steal the session cookies of a user who has previously authenticated via a man in the middle. Successful exploitation requires access to the web service resource without authentication. | |||||
| CVE-2021-40902 | 1 Flatcore | 1 Flatcore-cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page. | |||||
| CVE-2021-40888 | 1 Projectsend | 1 Projectsend | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. A low privilege user can call this function through process.php file and execute scripting code. | |||||
| CVE-2021-40882 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location. | |||||
| CVE-2021-40868 | 1 Cloudron | 1 Cloudron | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS. | |||||
| CVE-2021-40840 | 1 Liveconfig | 1 Liveconfig | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2. | |||||
| CVE-2021-40813 | 1 Element-it | 1 Http Commander | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames. | |||||
| CVE-2021-40721 | 1 Adobe | 1 Connect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Connect version 11.2.3 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2021-40714 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability via the accesskey parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser | |||||
| CVE-2021-40711 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Adobe Experience Manager version 6.5.9.0 (and earlier) is affected by a stored XSS vulnerability when creating Content Fragments. An authenticated attacker can send a malformed POST request to achieve arbitrary code execution. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2021-40678 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit. | |||||
| CVE-2021-40658 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”. | |||||
| CVE-2021-40637 | 1 Os4ed | 1 Opensis | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of user. | |||||
| CVE-2021-40610 | 1 Emlog Pro Project | 1 Emlog Pro | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management. | |||||