Total
37395 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-34540 | 1 Advantech | 1 Webaccess | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Advantech WebAccess 8.4.2 and 8.4.4 allows XSS via the username column of the bwRoot.asp page of WADashboard. | |||||
| CVE-2021-34370 | 1 Accela | 1 Civic Platform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Accela Civic Platform through 20.1 allows ssoAdapter/logoutAction.do successURL XSS. NOTE: the vendor states "there are configurable security flags and we are unable to reproduce them with the available information. | |||||
| CVE-2021-34364 | 1 Refined-github Project | 1 Refined-github | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Refined GitHub browser extension before 21.6.8 might allow XSS via a link in a document. NOTE: github.com sends Content-Security-Policy headers to, in general, address XSS and other concerns. | |||||
| CVE-2021-34361 | 1 Qnap | 2 Nas Proxy Server, Qts | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later | |||||
| CVE-2021-34359 | 1 Qnap | 2 Nas Proxy Server, Qts | 2024-11-21 | 3.5 LOW | 6.9 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Proxy Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Proxy Server: QTS 4.5.x: Proxy Server 1.4.2 ( 2021/12/30 ) and later | |||||
| CVE-2021-34357 | 1 Qnap | 2 Nas, Qmailagent | 2024-11-21 | 4.3 MEDIUM | 6.9 MEDIUM |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QmailAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QmailAgent: QmailAgent 3.0.2 ( 2021/08/25 ) and later | |||||
| CVE-2021-34356 | 1 Qnap | 2 Nas, Photo Station | 2024-11-21 | 3.5 LOW | 7.6 HIGH |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later | |||||
| CVE-2021-34355 | 1 Qnap | 2 Nas, Photo Station | 2024-11-21 | 3.5 LOW | 7.6 HIGH |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10 ( 2021/08/19 ) and later Photo Station 5.7.13 ( 2021/08/19 ) and later Photo Station 6.0.18 ( 2021/09/01 ) and later | |||||
| CVE-2021-34354 | 1 Qnap | 2 Nas, Photo Station | 2024-11-21 | 3.5 LOW | 7.6 HIGH |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 ( 2021/09/01 ) and later | |||||
| CVE-2021-34243 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file. | |||||
| CVE-2021-34228 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field. | |||||
| CVE-2021-34223 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field. | |||||
| CVE-2021-34220 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field. | |||||
| CVE-2021-34215 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field. | |||||
| CVE-2021-34207 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field. | |||||
| CVE-2021-34190 | 1 Issabel | 1 Pbx | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module. | |||||
| CVE-2021-34073 | 1 Gadget Works Online Ordering System Project | 1 Gadget Works Online Ordering System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A Cross Site Scripting (XSS) vulnerabilty exists in Sourcecodester Gadget Works Online Ordering System in PHP/MySQLi 1.0 via the Category parameter in an add function in category/index.php. | |||||
| CVE-2021-33988 | 1 Microweber | 1 Microweber | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS). vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute Javascript by Inserting code in the request form. | |||||
| CVE-2021-33966 | 1 Spotweb Project | 1 Spotweb | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross site scripting (XSS) vulnerability in spotweb 1.4.9, allows authenticated attackers to execute arbitrary code via crafted GET request to the login page. | |||||
| CVE-2021-33961 | 1 Enhanced-github Project | 1 Enhanced-github | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerabililty exists in enhanced-github v5.0.11 via the file name parameter. | |||||