Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 37535 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-38619 1 Openbaraza 1 Openbaraza Human Capital Management 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view=).
CVE-2021-38607 1 Crocoblock 1 Jetengine 2024-11-21 3.5 LOW 5.4 MEDIUM
Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.
CVE-2021-38603 1 Pluxml 1 Pluxml 2024-11-21 3.5 LOW 4.8 MEDIUM
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
CVE-2021-38602 1 Pluxml 1 Pluxml 2024-11-21 3.5 LOW 4.8 MEDIUM
PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
CVE-2021-38583 1 Openbaraza 1 Openbaraza Human Capital Management 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input, which allows reflected cross-site scripting (XSS) on multiple pages: hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view= and data=).
CVE-2021-38560 1 Ivanti 1 Service Manager 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Ivanti Service Manager 2021.1 allows reflected XSS via the appName parameter associated with ConfigDB calls, such as in RelocateAttachments.aspx.
CVE-2021-38559 1 Digitaldruid 1 Hoteldruid 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
DigitalDruid HotelDruid 3.0.2 has an XSS vulnerability in prenota.php affecting the fineperiodo1 parameter.
CVE-2021-38538 1 Netgear 30 D7800, D7800 Firmware, R7800 and 27 more 2024-11-21 4.3 MEDIUM 6.3 MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and XR500 before 2.3.2.56.
CVE-2021-38537 1 Netgear 36 Ac2100, Ac2100 Firmware, Ac2400 and 33 more 2024-11-21 3.5 LOW 4.2 MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62.
CVE-2021-38536 1 Netgear 38 Ac2100, Ac2100 Firmware, Ac2400 and 35 more 2024-11-21 3.5 LOW 4.3 MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.66, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.
CVE-2021-38535 1 Netgear 38 Ac2100, Ac2100 Firmware, Ac2400 and 35 more 2024-11-21 3.5 LOW 4.3 MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6700v2 before 1.2.0.76, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, RAX35 before 1.0.3.62, and RAX40 before 1.0.3.62.
CVE-2021-38534 1 Netgear 86 D3600, D3600 Firmware, D6000 and 83 more 2024-11-21 3.5 LOW 4.1 MEDIUM
Certain NETGEAR devices are affected by stored XSS. This affects D3600 before 1.0.0.76, D6000 before 1.0.0.76, D6100 before 1.0.0.60, D6200 before 1.1.00.36, D6220 before 1.0.0.52, D6400 before 1.0.0.86, D7000 before 1.0.1.70, D7000v2 before 1.0.0.53, D8500 before 1.0.3.44, DC112A before 1.0.0.42, DGN2200v4 before 1.0.0.110, DGND2200Bv4 before 1.0.0.109, DM200 before 1.0.0.61, JR6150 before 1.0.1.18, PR2000 before 1.0.0.28, R6020 before 1.0.0.42, R6050 before 1.0.1.18, R6080 before 1.0.0.42, R6220 before 1.1.0.80, R6230 before 1.1.0.80, R6250 before 1.0.4.34, R6260 before 1.1.0.64, R6300v2 before 1.0.4.34, R6400 before 1.0.1.46, R6400v2 before 1.0.2.62, R6700 before 1.0.2.6, R6700v2 before 1.2.0.36, R6700v3 before 1.0.2.62, R6800 before 1.2.0.36, R6900 before 1.0.2.4, R6900P before 1.3.1.64, R6900v2 before 1.2.0.36, R7000 before 1.0.9.60, R7000P before 1.3.1.64, R7100LG before 1.0.0.50, R7300DST before 1.0.0.70, R7450 before 1.2.0.36, R7900 before 1.0.3.8, R7900P before 1.4.1.50, R8000 before 1.0.4.28, R8000P before 1.4.1.50, R8300 before 1.0.2.130, R8500 before 1.0.2.130, WNDR3400v3 before 1.0.1.24, WNR2020 before 1.1.0.62, WNR3500Lv2 before 1.2.0.62, XR450 before 2.3.2.40, and XR500 before 2.3.2.40.
CVE-2021-38533 1 Netgear 2 Rax40, Rax40 Firmware 2024-11-21 3.5 LOW 5.4 MEDIUM
NETGEAR RAX40 devices before 1.0.3.64 are affected by stored XSS.
CVE-2021-38488 1 Deltaww 1 Dialink 2024-11-21 3.5 LOW 5.5 MEDIUM
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter comment of the API events, which may allow an attacker to remotely execute code.
CVE-2021-38482 1 Inhandnetworks 2 Ir615, Ir615 Firmware 2024-11-21 3.5 LOW 8.7 HIGH
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 website used to control the router is vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of users connected to the system.
CVE-2021-38468 1 Inhandnetworks 2 Ir615, Ir615 Firmware 2024-11-21 3.5 LOW 8.7 HIGH
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system.
CVE-2021-38466 1 Inhandnetworks 2 Ir615, Ir615 Firmware 2024-11-21 4.3 MEDIUM 8.8 HIGH
InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. This may allow an attacker to perform a reflected cross-site scripting attack, which could allow an attacker to run code on behalf of the client browser.
CVE-2021-38428 1 Deltaww 1 Dialink 2024-11-21 3.5 LOW 5.5 MEDIUM
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API schedule, which may allow an attacker to remotely execute code.
CVE-2021-38411 1 Deltaww 1 Dialink 2024-11-21 3.5 LOW 5.5 MEDIUM
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter deviceName of the API modbusWriter-Reader, which may allow an attacker to remotely execute code.
CVE-2021-38407 1 Deltaww 1 Dialink 2024-11-21 3.5 LOW 5.5 MEDIUM
Delta Electronics DIALink versions 1.2.4.0 and prior is vulnerable to cross-site scripting because an authenticated attacker can inject arbitrary JavaScript code into the parameter name of the API devices, which may allow an attacker to remotely execute code.