Total: 37309 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-27369 | 1 Monicahq | 1 Monica | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field. | |||||
CVE-2021-27368 | 1 Monicahq | 1 Monica | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The Contact page in Monica 2.19.1 allows stored XSS via the First Name field. | |||||
CVE-2021-27349 | 1 Algolplus | 1 Advanced Order Export For Woocommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727. | |||||
CVE-2021-27340 | 1 Os4ed | 1 Opensis | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter. | |||||
CVE-2021-27338 | 1 Faraday | 1 Edge | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter. | |||||
CVE-2021-27332 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the class_name parameter to update_class.php. | |||||
CVE-2021-27330 | 1 Triconsole | 1 Datepicker Calendar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents. | |||||
CVE-2021-27318 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter. | |||||
CVE-2021-27317 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter. | |||||
CVE-2021-27310 | 1 Csphere | 1 Clansphere | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter. | |||||
CVE-2021-27309 | 1 Csphere | 1 Clansphere | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter. | |||||
CVE-2021-27308 | 1 4homepages | 1 4images | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter. | |||||
CVE-2021-27288 | 1 X2engine | 1 X2crm | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page. | |||||
CVE-2021-27279 | 1 Mybb | 1 Mybb | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode). | |||||
CVE-2021-27237 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php. | |||||
CVE-2021-27222 | 1 Obss | 1 Time In Status | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In the "Time in Status" app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS. | |||||
CVE-2021-27214 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905. | |||||
CVE-2021-27190 | 1 Peel | 1 Peel Shopping | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A Stored Cross Site Scripting (XSS) vulnerability was discovered in PEEL SHOPPING 9.3.0 and 9.4.0, which are publicly available. The user-supplied input containing a polyglot payload is echoed back in JavaScript code in the HTML response. This allows an attacker to input malicious JavaScript which can steal cookies, redirect users to other malicious websites, etc. | |||||
CVE-2021-27180 | 1 Altn | 1 Mdaemon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in MDaemon before 20.0.4. There is Reflected XSS in Webmail (aka WorldClient). It can be exploited via a GET request. It allows performing any action with the privileges of the attacked user. | |||||
CVE-2021-27131 | 1 Moodle | 1 Moodle | 2024-11-21 | N/A | 5.4 MEDIUM |
Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to improper input sanitization on the "Additional HTML Section" via the "Header and Footer" parameter in /admin/settings.php. This vulnerability lets an attacker steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer. NOTE: this is disputed by the vendor because the "Additional HTML Section" for "Header and Footer" can only be supplied by an administrator, who is intentionally allowed to enter unsanitized input (e.g., site-specific JavaScript). |