Total
37550 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42838 | 1 Vice | 1 Webopac | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further perform reflective XSS attacks. | |||||
| CVE-2021-42770 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester. | |||||
| CVE-2021-42752 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute malicious javascript code on victim's host via crafted HTTP requests | |||||
| CVE-2021-42751 | 1 Thingsboard | 1 Thingsboard | 2024-11-21 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node. | |||||
| CVE-2021-42750 | 1 Thingsboard | 1 Thingsboard | 2024-11-21 | N/A | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node. | |||||
| CVE-2021-42703 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action. | |||||
| CVE-2021-42664 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more. | |||||
| CVE-2021-42663 | 1 Online Event Booking And Reservation System Project | 1 Online Event Booking And Reservation System | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker's choice. | |||||
| CVE-2021-42662 | 1 Online Event Booking And Reservation System Project | 1 Online Event Booking And Reservation System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more. | |||||
| CVE-2021-42656 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability. | |||||
| CVE-2021-42650 | 1 Portainer | 1 Portainer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates. | |||||
| CVE-2021-42648 | 1 Coder | 1 Code-server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0, allows attackers to execute arbitrary code via crafted URL. | |||||
| CVE-2021-42639 | 1 Printerlogic | 1 Web Stack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization. | |||||
| CVE-2021-42597 | 1 Storage Unit Rental Management System Project | 1 Storage Unit Rental Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10 , Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form. | |||||
| CVE-2021-42584 | 1 Convos | 1 Convos | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before 6.32. | |||||
| CVE-2021-42567 | 1 Apereo | 1 Central Authentication Service | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints. | |||||
| CVE-2021-42566 | 1 Myfactory | 1 Fms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| myfactory.FMS before 7.1-912 allows XSS via the Error parameter. | |||||
| CVE-2021-42565 | 1 Myfactory | 1 Fms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| myfactory.FMS before 7.1-912 allows XSS via the UID parameter. | |||||
| CVE-2021-42558 | 1 Mitre | 1 Caldera | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers. | |||||
| CVE-2021-42552 | 1 Archivista | 1 Archivistabox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I. | |||||