Total
37538 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-40678 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit. | |||||
CVE-2021-40658 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Textpattern 4.8.7 is affected by an HTML injection vulnerability through “Content>Write>Body”. | |||||
CVE-2021-40637 | 1 Os4ed | 1 Opensis | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the user's working session. | |||||
CVE-2021-40610 | 1 Emlog Pro Project | 1 Emlog Pro | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management. | |||||
CVE-2021-40577 | 1 Online Enrollment Management System Project | 1 Online Enrollment Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter. | |||||
CVE-2021-40542 | 1 Os4ed | 1 Opensis | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php. | |||||
CVE-2021-40541 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in the descript() function. An authenticated user can trigger XSS by appending "//" at the end of the text. | |||||
CVE-2021-40517 | 1 Airangel | 10 Hsmx-app-100, Hsmx-app-1000, Hsmx-app-1000 Firmware and 7 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Airangel HSMX Gateway devices through 5.2.04 are vulnerable to stored Cross Site Scripting. The XSS payload is placed in the name column of the updates table using database access. | |||||
CVE-2021-40509 | 1 Jforum | 1 Jforum | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature. | |||||
CVE-2021-40492 | 1 Gibbonedu | 1 Gibbon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php). | |||||
CVE-2021-40457 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability | |||||
CVE-2021-40440 | 1 Microsoft | 1 Dynamics 365 Business Central | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | |||||
CVE-2021-40377 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application. | |||||
CVE-2021-40374 | 1 Apperta | 1 Openeye | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient's details allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter. This JavaScript then executes when the patient profile is loaded, which could be used in a XSS attack. | |||||
CVE-2021-40369 | 1 Apache | 1 Jspwiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later. | |||||
CVE-2021-40337 | 1 Hitachi | 1 Linkone | 2024-11-21 | 3.5 LOW | 4.2 MEDIUM |
Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker who manages to exploit the vulnerability to carry out multiple web attacks and steal sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26. | |||||
CVE-2021-40310 | 1 Os4ed | 1 Opensis | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter. | |||||
CVE-2021-40292 | 1 Dzzoffice | 1 Dzzoffice | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A Stored Cross Site Scripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter. | |||||
CVE-2021-40261 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) user_username and (2) category parameters in save_class.php, the (3) firstname, (4) class, and (5) status parameters in student_table.php, the (6) category and (7) class_name parameters in add_class1.php, the (8) fname, (9) mname, (10) lname, (11) address, (12) class, (13) gfname, (14) gmname, (15) glname, (16) rship, (17) status, (18) transport, and (19) route parameters in add_student.php, the (20) fname, (21) mname, (22) lname, (23) address, (24) class, (25) fgname, (26) gmname, (27) glname, (28) rship, (29) status, (30) transport, and (31) route parameters in save_stud.php, the (32) status, (33) fname, and (34) lname parameters in add_user.php, the (35) username, (36) firstname, and (37) status parameters in users.php, the (38) fname, (39) lname, and (40) status parameters in save_user.php, and the (41) activity_log, (42) aprjun, (43) class, (44) janmar, (45) Julsep, (46) octdec, (47) Students and (48) users parameters in table_name. | |||||
CVE-2021-40260 | 1 Tailor Management System Project | 1 Tailor Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester Tailor Management 1.0 via the (1) eid parameter in (a) partedit.php and (b) customeredit.php, the (2) id parameter in (a) editmeasurement.php and (b) addpayment.php, and the (3) error parameter in index.php. |