Total
37309 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27531 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter. | |||||
| CVE-2021-27530 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php. | |||||
| CVE-2021-27529 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter. | |||||
| CVE-2021-27528 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter. | |||||
| CVE-2021-27527 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter. | |||||
| CVE-2021-27526 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter. | |||||
| CVE-2021-27524 | 1 Margox | 1 Braft-editor | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature. | |||||
| CVE-2021-27520 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter. | |||||
| CVE-2021-27519 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter. | |||||
| CVE-2021-27517 | 1 Foxit | 2 Phantompdf, Reader | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API). | |||||
| CVE-2021-27479 | 1 Zoll | 1 Defibrillator Dashboard | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users. | |||||
| CVE-2021-27465 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data. | |||||
| CVE-2021-27442 | 1 Weintek | 32 Cmt-ctrl01, Cmt-ctrl01 Firmware, Cmt-fhd and 29 more | 2024-11-21 | 4.3 MEDIUM | 9.4 CRITICAL |
| The Weintek cMT product line is vulnerable to a cross-site scripting vulnerability, which could allow an unauthenticated remote attacker to inject malicious JavaScript code. | |||||
| CVE-2021-27436 | 1 Advantech | 1 Webaccess\/scada | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser actions. | |||||
| CVE-2021-27418 | 1 Ge | 38 Multilin B30, Multilin B30 Firmware, Multilin B90 and 35 more | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| GE UR firmware versions prior to version 8.1x supports web interface with read-only access. The device fails to properly validate user input, making it possible to perform cross-site scripting attacks, which may be used to send a malicious script. Also, UR Firmware web server does not perform HTML encoding of user-supplied strings. | |||||
| CVE-2021-27416 | 1 Hitachienergy | 1 Ellipse Enterprise Asset Management | 2024-11-21 | 5.8 MEDIUM | 5.5 MEDIUM |
| An attacker could exploit this vulnerability in Hitachi ABB Power Grids Ellipse Enterprise Asset Management (EAM) versions prior to and including 9.0.25 by tricking a user to click on a link containing malicious code that would then be run by the web browser. This can result in the compromise of confidential information, or even the takeover of the user’s session. | |||||
| CVE-2021-27403 | 1 Asus | 2 Askey Rtf8115vw, Askey Rtf8115vw Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Askey RTF8115VW BR_SV_g11.11_RTF_TEF001_V6.54_V014 devices allow cgi-bin/te_acceso_router.cgi curWebPage XSS. | |||||
| CVE-2021-27401 | 1 Mitel | 1 Micollab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Join Meeting page of Mitel MiCollab Web Client before 9.2 FP2 could allow an attacker to access (view and modify) user data by executing arbitrary code due to insufficient input validation, aka Cross-Site Scripting (XSS). | |||||
| CVE-2021-27371 | 1 Monicahq | 1 Monica | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Contact page in Monica 2.19.1 allows stored XSS via the Description field. | |||||
| CVE-2021-27370 | 1 Monicahq | 1 Monica | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field. | |||||