Total
37576 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-44608 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Multiple Cross Site Scripting (XSS) vulnerabilities exist in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php. | |||||
CVE-2021-44607 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file. | |||||
CVE-2021-44598 | 1 Attendance Management System Project | 1 Attendance Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Attendance Management System 1.0 is affected by a Cross Site Scripting (XSS) vulnerability. The value of the FirstRecord request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The attacker can access the system, by using the XSS-reflected method, and then can store information by injecting the admin account on this system. | |||||
CVE-2021-44585 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event. | |||||
CVE-2021-44584 | 1 Emlog | 1 Emlog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in index.php in emlog version <= pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter. | |||||
CVE-2021-44566 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php. | |||||
CVE-2021-44565 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. Affected components include, for example, all Markdown input fields. | |||||
CVE-2021-44544 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. | |||||
CVE-2021-44543 | 1 Privoxy | 1 Privoxy | 2024-11-21 | 2.6 LOW | 6.1 MEDIUM |
An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encoding the template name when Privoxy is configured to serve the user-manual itself. | |||||
CVE-2021-44478 | 1 Siemens | 2 Polarion Alm, Polarion Subversion Webclient | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting vulnerability is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker could exploit this to execute arbitrary code and extract sensitive information by sending a specially crafted link to users with administrator privileges. | |||||
CVE-2021-44471 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”. | |||||
CVE-2021-44461 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross-site scripting (XSS) issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary web script in the browser of a victim. | |||||
CVE-2021-44317 | 1 Phpgurukul | 1 Bus Pass Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In Bus Pass Management System v1.0, the parameters 'pagedes' and 'About Us' are affected by a stored cross-site scripting vulnerability. | |||||
CVE-2021-44310 | 1 Firmware Analysis And Comparison Tool Project | 1 Firmware Analysis And Comparison Tool | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
An issue was discovered in Firmware Analysis and Comparison Tool v3.2. With administrator privileges, the attacker could perform stored XSS attacks by inserting JavaScript and HTML code in user creation functionality. | |||||
CVE-2021-44299 | 1 Naviwebs | 1 Navigate Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in \lib\packages\themes\themes.php of Navigate CMS v2.9.4 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
CVE-2021-44279 | 1 Librenms | 1 Librenms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php. | |||||
CVE-2021-44277 | 1 Librenms | 1 Librenms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php. | |||||
CVE-2021-44266 | 1 Gunet | 1 Open Eclass Platform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
GUnet Open eClass (aka openeclass) before 3.12.2 allows XSS via the modules/auth/formuser.php auth parameter. | |||||
CVE-2021-44263 | 1 Gurock | 1 Testrail | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Gurock TestRail before 7.2.4 mishandles HTML escaping. | |||||
CVE-2021-44217 | 1 Ericsson | 1 Codechecker | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In Ericsson CodeChecker through 6.18.0, a Stored Cross-site scripting (XSS) vulnerability in the comments component of the reports viewer allows remote attackers to inject arbitrary web script or HTML via the POST JSON data of the /CodeCheckerService API. |