Total: 38124 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-32426 | 1 Trendnet | 2 Tw100-s4w1ca, Tw100-s4w1ca Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command. | |||||
CVE-2021-32302 | 1 Irz | 2 Ruh2, Ruh2 Firmware | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows attacker to obtain sensitive information via the Upload File parameter. | |||||
CVE-2021-32245 | 1 Pagekit | 1 Pagekit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that will point to http://localhost/pagekit/storage/exp.svg. When a user comes along to click that link, it will trigger an XSS attack. | |||||
CVE-2021-32244 | 1 Moodle | 1 Moodle | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field. | |||||
CVE-2021-32233 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
SmarterTools SmarterMail before Build 7776 allows XSS. | |||||
CVE-2021-32202 | 1 Cs-cart | 1 Cs-cart | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" field in the blog post creation page. | |||||
CVE-2021-32161 | 1 Webmin | 1 Webmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature. | |||||
CVE-2021-32160 | 1 Webmin | 1 Webmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature. | |||||
CVE-2021-32158 | 1 Webmin | 1 Webmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature. | |||||
CVE-2021-32157 | 1 Webmin | 1 Webmin | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. | |||||
CVE-2021-32106 | 1 Icecoder | 1 Icecoder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In ICEcoder 8.0, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET['replace'] variable. As a result, arbitrary JavaScript code can get executed. | |||||
CVE-2021-32103 | 1 Open-emr | 1 Openemr | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows an admin authenticated user to inject arbitrary web script or HTML via the lname parameter. | |||||
CVE-2021-32092 | 1 Nsa | 1 Emissary | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the uuid parameter. | |||||
CVE-2021-32091 | 1 Localstack | 1 Localstack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6. | |||||
CVE-2021-32052 | 3 Djangoproject, Fedoraproject, Python | 3 Django, Fedora, Python | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers. | |||||
CVE-2021-32019 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP. | |||||
CVE-2021-32009 | 1 Secomea | 1 Gatemanager | 2024-11-21 | 4.3 MEDIUM | 5.0 MEDIUM |
Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject JavaScript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions. | |||||
CVE-2021-32005 | 1 Secomea | 18 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 15 more | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store JavaScript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions. | |||||
CVE-2021-31935 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view. | |||||
CVE-2021-31934 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone. |