Total: 44192 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-41567 | 1 Tad Uploader Project | 1 Tad Uploader | 2024-11-21 | 6.1 Medium |
| The new add subject parameter of Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks. | ||||
| CVE-2021-41565 | 1 Tadtools Project | 1 Tadtools | 2024-11-21 | 6.1 Medium |
| TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in, and further perform reflective XSS attacks. | ||||
| CVE-2021-41563 | 1 Tad Book3 Project | 1 Tad Book3 | 2024-11-21 | 6.1 Medium |
| Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks. | ||||
| CVE-2021-41557 | 1 Sofico | 1 Miles Rich Internet Application | 2024-11-21 | 5.4 Medium |
| Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site Scripting (XSS). An attacker with access to a user account of the RIA IT or the Fleet role can create a crafted work order in the damage reports section (or change existing work orders). The XSS payload is in the work order number. | ||||
| CVE-2021-41555 | 1 Archibus | 1 Web Central | 2024-11-21 | 6.1 Medium |
| In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML code or client-side executable code (e.g., JavaScript) is entered as input, the expected execution flow could be altered. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Version 21.3 was officially de-supported by the end of 2020. | ||||
| CVE-2021-41542 | 1 Siemens | 2 Climatix Pol909, Climatix Pol909 Firmware | 2024-11-21 | 6.1 Medium |
| A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. | ||||
| CVE-2021-41541 | 1 Siemens | 2 Climatix Pol909, Climatix Pol909 Firmware | 2024-11-21 | 6.1 Medium |
| A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. | ||||
| CVE-2021-41502 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Subrion CMS v4.2.1. There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute. | ||||
| CVE-2021-41467 | 1 Justwriting Project | 1 Justwriting | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allows remote attackers to inject arbitrary web script or HTML via the challenge parameter. | ||||
| CVE-2021-41465 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. | ||||
| CVE-2021-41464 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. | ||||
| CVE-2021-41463 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter. | ||||
| CVE-2021-41462 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID parameter. | ||||
| CVE-2021-41461 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter. | ||||
| CVE-2021-41445 | 1 Dlink | 2 Dir-x1860, Dir-x1860 Firmware | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting attack in the web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific URL to the unauthenticated victim. | ||||
| CVE-2021-41432 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content. | ||||
| CVE-2021-41427 | 1 Beeline | 2 Smart Box, Smart Box Firmware | 2024-11-21 | 6.1 Medium |
| Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi. | ||||
| CVE-2021-41421 | 1 Maianmedia | 1 Maianaffiliate | 2024-11-21 | 4.8 Medium |
| A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel. | ||||
| CVE-2021-41420 | 1 Maianmedia | 1 Maianaffiliate | 2024-11-21 | 5.4 Medium |
| A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to execute arbitrary JavaScript code in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel. | ||||
| CVE-2021-41415 | 1 Subscription-manager Project | 1 Subscription-manager | 2024-11-21 | 6.1 Medium |
| Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vulnerability in the machineDetail parameter. | ||||