Total
37572 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43776 | 1 Linuxfoundation | 1 Auth Backend | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
| Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This is vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`. | |||||
| CVE-2021-43765 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2021-43764 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 3.5 LOW | 8.0 HIGH |
| AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2021-43761 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 3.5 LOW | 8.0 HIGH |
| AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2021-43742 | 1 Cmsimple | 1 Cmsimple | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature. | |||||
| CVE-2021-43729 | 1 Pix-link | 2 Lv-wr09, Lv-wr09 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized Security Key parameter. | |||||
| CVE-2021-43728 | 1 Pix-link | 2 Lv-wr09, Lv-wr09 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized SSID parameter. | |||||
| CVE-2021-43725 | 1 Spotweb Project | 1 Spotweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter. | |||||
| CVE-2021-43724 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file. | |||||
| CVE-2021-43721 | 1 Leanote | 1 Leanote | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : <video src=x onerror=(function(){require('child_process').exec('calc');})();> | |||||
| CVE-2021-43712 | 1 Employee Daily Task Management System Project | 1 Employee Daily Task Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field. | |||||
| CVE-2021-43707 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter. | |||||
| CVE-2021-43702 | 1 Asus | 186 4g-ac53u, 4g-ac53u Firmware, 4g-ac68u and 183 more | 2024-11-21 | 3.5 LOW | 9.0 CRITICAL |
| ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device. | |||||
| CVE-2021-43698 | 1 Phpwhois Project | 1 Phpwhois | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET['query'] then there is a XSS vulnerability. | |||||
| CVE-2021-43697 | 1 Workerman-thinkphp-redis Project | 1 Workerman-thinkphp-redis | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET{C('VAR_JSONP_HANDLER')] then there is a XSS vulnerability. | |||||
| CVE-2021-43696 | 1 Twmap Project | 1 Twmap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST then there is a XSS vulnerability. | |||||
| CVE-2021-43695 | 1 Issabel | 1 Pbx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, then there is a XSS vulnerability. | |||||
| CVE-2021-43692 | 1 Youtube-php-mirroring Project | 1 Youtube-php-mirroring | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| youtube-php-mirroring (last update Jun 9, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in file ytproxy/index.php. | |||||
| CVE-2021-43690 | 1 Yurunproxy Project | 1 Yurunproxy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The exit function will terminate the script and print a message which have values from the socket_read. | |||||
| CVE-2021-43689 | 1 Manage Project | 1 Manage | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| manage (last update Oct 24, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script and print a message which have values from $_POST. | |||||