Total
43965 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25938 | 1 Arangodb | 1 Arangodb | 2024-11-21 | 6.1 Medium |
| In ArangoDB, versions v2.2.6.2 through v3.7.10 are vulnerable to Cross-Site Scripting (XSS), since there is no validation of the .zip file name and filtering of potential abusive characters which zip files can be named to. There is no X-Frame-Options Header set, which makes it more susceptible for leveraging self XSS by attackers. | ||||
| CVE-2021-25935 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 5.4 Medium |
| In OpenNMS Horizon, versions opennms-17.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function `add()` performs improper validation checks on the input sent to the `foreign-source` parameter. Due to this flaw an attacker could bypass the existing regex validation and inject an arbitrary script which will be stored in the database. | ||||
| CVE-2021-25934 | 1 Opennms | 2 Horizon, Meridian | 2024-11-21 | 5.4 Medium |
| In OpenNMS Horizon, versions opennms-18.0.0-1 through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.7-1 are vulnerable to Stored Cross-Site Scripting, since the function `createRequisitionedNode()` does not perform any validation checks on the input sent to the `node-label` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database. | ||||
| CVE-2021-25932 | 1 Opennms | 2 Meridian, Opennms | 2024-11-21 | 5.4 Medium |
| In OpenNMS Horizon, versions opennms-1-0-stable through opennms-27.1.0-1; OpenNMS Meridian, versions meridian-foundation-2015.1.0-1 through meridian-foundation-2019.1.18-1; meridian-foundation-2020.1.0-1 through meridian-foundation-2020.1.6-1 are vulnerable to Stored Cross-Site Scripting, since the function `validateFormInput()` performs improper validation checks on the input sent to the `userID` parameter. Due to this flaw an attacker could inject an arbitrary script which will be stored in the database. | ||||
| CVE-2021-25922 | 1 Open-emr | 1 Openemr | 2024-11-21 | 6.1 Medium |
| In OpenEMR, versions 4.2.0 to 6.0.0 are vulnerable to Reflected Cross-Site-Scripting (XSS) due to user input not being validated properly. An attacker could trick a user to click on a malicious url and execute malicious code. | ||||
| CVE-2021-25894 | 1 Magnolia-cms | 1 Magnolia Cms | 2024-11-21 | 6.1 Medium |
| Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the /magnoliaPublic/travel/members/login.html mgnlUserId parameter. | ||||
| CVE-2021-25893 | 1 Magnolia-cms | 1 Magnolia Cms | 2024-11-21 | 5.4 Medium |
| Magnolia CMS from 6.1.3 to 6.2.3 contains a stored cross-site scripting (XSS) vulnerability in the setText parameter of /magnoliaAuthor/.magnolia/. | ||||
| CVE-2021-25878 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 6.1 Medium |
| AVideo/YouPHPTube 10.0 and prior is affected by multiple reflected Cross Script Scripting vulnerabilities via the videoName parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator. | ||||
| CVE-2021-25876 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 6.1 Medium |
| AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the u parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator. | ||||
| CVE-2021-25875 | 1 Youphptube | 1 Youphptube | 2024-11-21 | 6.1 Medium |
| AVideo/YouPHPTube AVideo/YouPHPTube 10.0 and prior has multiple reflected Cross Script Scripting vulnerabilities via the searchPhrase parameter which allows a remote attacker to steal administrators' session cookies or perform actions as an administrator. | ||||
| CVE-2021-25838 | 1 Minthcm | 1 Minthcm | 2024-11-21 | 6.1 Medium |
| The Import function in MintHCM RELEASE 3.0.8 allows an attacker to execute a cross-site scripting (XSS) payload in file-upload. | ||||
| CVE-2021-25810 | 1 Mercusys | 2 Mercury X18g, Mercury X18g Firmware | 2024-11-21 | 6.1 Medium |
| Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters. | ||||
| CVE-2021-25791 | 1 Online Doctor Appointment System Php Full Source Code Project | 1 Online Doctor Appointment System Php Full Source Code | 2024-11-21 | 5.4 Medium |
| Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields. | ||||
| CVE-2021-25790 | 1 House Rental And Property Listing Php Project | 1 House Rental And Property Listing Php | 2024-11-21 | 5.4 Medium |
| Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number. | ||||
| CVE-2021-25785 | 1 Taogogo | 1 Taocms | 2024-11-21 | 4.8 Medium |
| Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. | ||||
| CVE-2021-25773 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.1 Medium |
| JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages. | ||||
| CVE-2021-25680 | 1 Adtran | 3 Netvanta 7060, Netvanta 7100, Personal Phone Manager | 2024-11-21 | 6.1 Medium |
| The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be confirmed during primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched | ||||
| CVE-2021-25679 | 1 Adtran | 3 Netvanta 7060, Netvanta 7100, Personal Phone Manager | 2024-11-21 | 5.4 Medium |
| The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be confirmed during primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched | ||||
| CVE-2021-25656 | 1 Avaya | 1 Aura Experience Portal | 2024-11-21 | 5.3 Medium |
| Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). | ||||
| CVE-2021-25647 | 1 Testes-codigo | 1 Testes De Codigo | 2024-11-21 | 5.4 Medium |
| Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in the "feedback" message field causing it to be stored in the remote database and leading to its execution on client devices when loading the "feedback list", either by accessing the website directly or using the mobile application. | ||||