Total
37574 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-44211 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| OX App Suite through 7.10.5 allows XSS via the class attribute of an element in an HTML e-mail signature. | |||||
| CVE-2021-44210 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite through 7.10.5 allows XSS via NIFF (Notation Interchange File Format) data. | |||||
| CVE-2021-44209 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite through 7.10.5 allows XSS via an HTML 5 element such as AUDIO. | |||||
| CVE-2021-44208 | 1 Open-xchange | 1 Ox App Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite through 7.10.5 allows XSS via an unknown system message in Chat. | |||||
| CVE-2021-44203 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | |||||
| CVE-2021-44202 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | |||||
| CVE-2021-44201 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | |||||
| CVE-2021-44200 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | |||||
| CVE-2021-44178 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser | |||||
| CVE-2021-44177 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2021-44176 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2021-44163 | 1 Chinasea | 1 Qb Smart Service Robot | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication. | |||||
| CVE-2021-44148 | 1 Gl-inet | 2 Gl-ar150, Gl-ar150 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name. | |||||
| CVE-2021-44120 | 1 Spip | 1 Spip | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author's information, the malicious code will be executed. The "Who are you" and "Website Name" fields are vulnerable. | |||||
| CVE-2021-44118 | 1 Spip | 1 Spip | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS). | |||||
| CVE-2021-44116 | 1 Anchorcms | 1 Anchor Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exits in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations. | |||||
| CVE-2021-44114 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user function. | |||||
| CVE-2021-44091 | 1 Multi Restaurant Table Reservation System Project | 1 Multi Restaurant Table Reservation System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Cross-Site Scripting (XSS) vulnerability exists in Courcecodester Multi Restaurant Table Reservation System 1.0 in register.php via the (1) fullname, (2) phone, and (3) address parameters. | |||||
| CVE-2021-44082 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 5.1 MEDIUM | 8.3 HIGH |
| textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request. | |||||
| CVE-2021-44076 | 1 Crushftp | 1 Crushftp | 2024-11-21 | N/A | 4.8 MEDIUM |
| An issue was discovered in CrushFTP 9. The creation of a new user through the /WebInterface/UserManager/ interface allows an attacker, with access to the administration panel, to perform Stored Cross-Site Scripting (XSS). The payload can be executed in multiple scenarios, for example when the user's page appears in the Most Visited section of the page. | |||||