Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3351 | 1 Openplcproject | 1 Openplc | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| OpenPLC runtime V3 through 2016-03-14 allows stored XSS via the Device Name to the web server's Add New Device page. | |||||
| CVE-2021-3350 | 1 Delete Account Project | 1 Delete Account | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| deleteaccount.php in the Delete Account plugin 1.4 for MyBB allows XSS via the deletereason parameter. | |||||
| CVE-2021-3340 | 1 Wikindx Project | 1 Wikindx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php?action=initLogon or modules/admin/DELETEIMAGES.php. | |||||
| CVE-2021-3333 | 1 Opmantek | 1 Open-audit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link. | |||||
| CVE-2021-3327 | 1 Ovation | 1 Dynamic Content | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter. | |||||
| CVE-2021-3318 | 1 Dzzoffice | 1 Dzzoffice | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter. | |||||
| CVE-2021-3315 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible. | |||||
| CVE-2021-3314 | 1 Oracle | 1 Glassfish Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | |||||
| CVE-2021-3313 | 1 Plone | 1 Plone | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload. | |||||
| CVE-2021-3298 | 1 O-dyn | 1 Collabtive | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter. | |||||
| CVE-2021-3294 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. An attacker can steal a cookie to perform user redirection to a malicious website. | |||||
| CVE-2021-3279 | 1 Fortics | 1 Szchat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| sz.chat version 4 allows injection of web scripts and HTML in the message box. | |||||
| CVE-2021-3275 | 1 Tp-link | 10 Archer-c3150, Archer-c3150 Firmware, Td-w9977 and 7 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm and use this vulnerable hostname function (setDefaultHostname()) without sanitization. | |||||
| CVE-2021-3271 | 1 Pressbooks | 1 Pressbooks | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| PressBooks 5.17.3 contains a cross-site scripting (XSS). Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in the triggering the stored XSS. | |||||
| CVE-2021-3258 | 1 Qa-themes | 1 Q2a Ultimate Seo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution. | |||||
| CVE-2021-3243 | 1 Wfiltericf | 1 Wfilter Internet Content Filter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system by through its plugin-running function. | |||||
| CVE-2021-3224 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter. | |||||
| CVE-2021-3210 | 1 Bloodhound Project | 1 Bloodhound | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL |
| components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter. | |||||
| CVE-2021-3184 | 1 Misp | 1 Misp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button. | |||||
| CVE-2021-3163 | 1 Slab | 1 Quill | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. Note: Researchers have claimed that this issue is not within the product itself, but is intended behavior in a web browser | |||||