Total
37535 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-38870 | 1 Ibm | 1 Aspera On Cloud | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208343. | |||||
CVE-2021-38822 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands. | |||||
CVE-2021-38757 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php. | |||||
CVE-2021-38756 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php. | |||||
CVE-2021-38752 | 1 Online Catering Reservation System Project | 1 Online Catering Reservation System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar. | |||||
CVE-2021-38713 | 1 Imgurl Project | 1 Imgurl | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header. | |||||
CVE-2021-38710 | 1 Yclas | 1 Yclas | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Static (Persistent) XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITE_NAME parameter. | |||||
CVE-2021-38709 | 1 Compo | 1 Composr Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS. | |||||
CVE-2021-38708 | 1 Compo | 1 Composr Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS. | |||||
CVE-2021-38707 | 1 Cliniccases | 1 Cliniccases | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the browser of any user who views the relevant content. This can result in account takeover via session token theft. | |||||
CVE-2021-38704 | 1 Cliniccases | 1 Cliniccases | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft. | |||||
CVE-2021-38702 | 1 Cyberoamworks | 2 Netgenie C0101b1-20141120-ng11vo, Netgenie C0101b1-20141120-ng11vo Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks. | |||||
CVE-2021-38701 | 1 Motorola | 20 T008, T008 Firmware, T100 and 17 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180. | |||||
CVE-2021-38699 | 1 Tastyigniter | 1 Tastyigniter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs. | |||||
CVE-2021-38695 | 1 Softvibe | 1 Saraban | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scripting (XSS) that allows users to store scripts in certain fields (e.g. subject, description) of the document form. | |||||
CVE-2021-38681 | 1 Qnap | 2 Nas, Ragic Cloud Db | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic. | |||||
CVE-2021-38680 | 1 Qnap | 1 Kazoo Server | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Kazoo Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Kazoo Server: Kazoo Server 4.11.20 and later | |||||
CVE-2021-38677 | 1 Qnap | 1 Qcalagent | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later | |||||
CVE-2021-38675 | 1 Qnap | 2 Image2pdf, Nas | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later | |||||
CVE-2021-38674 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 4.3 MEDIUM | 4.2 MEDIUM |
A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later |