Total
37342 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-28807 | 1 Qnap | 4 Q'center, Qts, Quts Hero and 1 more | 2024-11-21 | 3.5 LOW | 7.7 HIGH |
A post-authentication reflected XSS vulnerability has been reported to affect QNAP NAS running Q’center. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already fixed this vulnerability in the following versions of Q’center: QTS 4.5.3: Q’center v1.12.1012 and later; QTS 4.3.6: Q’center v1.10.1004 and later; QTS 4.3.3: Q’center v1.10.1004 and later; QuTS hero h4.5.2: Q’center v1.12.1012 and later; QuTScloud c4.5.4: Q’center v1.12.1012 and later. | |||||
CVE-2021-28806 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM |
A DOM-based XSS vulnerability has been reported to affect QNAP NAS running QTS and QuTS hero. If exploited, this vulnerability allows attackers to inject malicious code. This issue affects: QNAP Systems Inc. QTS versions prior to 4.5.3.1652 Build 20210428. QNAP Systems Inc. QuTS hero versions prior to h4.5.2.1638 Build 20210414. QNAP Systems Inc. QuTScloud versions prior to c4.5.5.1656 Build 20210503. This issue does not affect: QNAP Systems Inc. QTS 4.3.6; 4.3.3. | |||||
CVE-2021-28803 | 1 Qnap | 1 Q'center | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
This issue affects: QNAP Systems Inc. Q'center versions prior to 1.11.1004. | |||||
CVE-2021-28796 | 1 Increments | 1 Qiita\ | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. | |||||
CVE-2021-28628 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.3 MEDIUM |
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2021-28625 | 1 Adobe | 1 Experience Manager | 2024-11-21 | 4.3 MEDIUM | 6.3 MEDIUM |
Adobe Experience Manager Cloud Service offering, as well as versions 6.5.8.0 (and below) is affected by a Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
CVE-2021-28556 | 1 Magento | 1 Magento | 2024-11-21 | 3.5 LOW | 6.9 MEDIUM |
Magento versions 2.4.2 (and earlier), 2.4.1-p1 (and earlier) and 2.3.6-p1 (and earlier) are affected by a DOM-based Cross-Site Scripting vulnerability on mage-messages cookies. Successful exploitation could lead to arbitrary JavaScript execution by an unauthenticated attacker. User interaction is required for successful exploitation. | |||||
CVE-2021-28461 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 3.5 LOW | 6.1 MEDIUM |
Dynamics Finance and Operations Cross-site Scripting Vulnerability | |||||
CVE-2021-28459 | 1 Microsoft | 1 Azure Devops Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Azure DevOps Server Spoofing Vulnerability | |||||
CVE-2021-28424 | 1 Phpgurukul | 1 Teachers Record Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in Teachers Record Management System 1.0 allows remote authenticated users to inject arbitrary web script or HTML via the 'email' POST parameter in adminprofile.php. | |||||
CVE-2021-28420 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter. | |||||
CVE-2021-28418 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter. | |||||
CVE-2021-28417 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter. | |||||
CVE-2021-28382 | 1 Zohocorp | 1 Manageengine Key Manager Plus | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Zoho ManageEngine Key Manager Plus before 6001 allows Stored XSS on the user-management page while importing malicious user details from AD. | |||||
CVE-2021-28380 | 1 Aimeos Project | 1 Aimeos | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The aimeos (aka Aimeos shop and e-commerce framework) extension before 19.10.12 and 20.x before 20.10.5 for TYPO3 allows XSS via a backend user account. | |||||
CVE-2021-28378 | 1 Gitea | 1 Gitea | 2024-11-21 | 3.5 LOW | 3.7 LOW |
Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations. | |||||
CVE-2021-28359 | 1 Apache | 1 Airflow | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The "origin" parameter passed to some of the endpoints like '/trigger' was vulnerable to XSS exploit. This issue affects Apache Airflow versions <1.10.15 in 1.x series and affects 2.0.0 and 2.0.1 and 2.x series. This is the same as CVE-2020-13944 & CVE-2020-17515 but the implemented fix did not fix the issue completely. Update to Airflow 1.10.15 or 2.0.2. Please also update your Python version to the latest available PATCH releases of the installed MINOR versions, example update to Python 3.6.13 if you are on Python 3.6. (Those contain the fix for CVE-2021-23336 https://nvd.nist.gov/vuln/detail/CVE-2021-23336). | |||||
CVE-2021-28290 | 1 Identityserver4.admin Project | 1 Identityserver4.admin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in Skoruba IdentityServer4.Admin before 2.0.0 via unencoded value passed to the data-secret-value parameter. | |||||
CVE-2021-28280 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML | |||||
CVE-2021-28247 | 1 Ca | 1 Ehealth Performance Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the platform users. The affected endpoints are: cgi/nhWeb with the parameter report, aviewbin/filtermibobjects.pl with the parameter namefilter, and aviewbin/query.pl with the parameters System, SystemText, Group, and GroupText. NOTE: This vulnerability only affects products that are no longer supported by the maintainer |