Total
43965 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25520 | 1 Samsung | 1 Internet | 2024-11-21 | 5.9 Medium |
| Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. | ||||
| CVE-2021-25327 | 1 Skyworthdigital | 2 Rn510, Rn510 Firmware | 2024-11-21 | 6.5 Medium |
| Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting (XSS). | ||||
| CVE-2021-25325 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs. | ||||
| CVE-2021-25324 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp. | ||||
| CVE-2021-25313 | 1 Suse | 1 Rancher | 2024-11-21 | 7.1 High |
| A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6. | ||||
| CVE-2021-25299 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.1 Medium |
| Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server. | ||||
| CVE-2021-25295 | 1 Opencats | 1 Opencats | 2024-11-21 | 6.1 Medium |
| OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues. | ||||
| CVE-2021-25278 | 1 Ftapi | 1 Ftapi | 2024-11-21 | 4.8 Medium |
| FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor. | ||||
| CVE-2021-25277 | 1 Ftapi | 1 Ftapi | 2024-11-21 | 6.1 Medium |
| FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component. | ||||
| CVE-2021-25273 | 1 Sophos | 1 Unified Threat Management | 2024-11-21 | 4.8 Medium |
| Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. | ||||
| CVE-2021-25268 | 1 Sophos | 2 Firewall, Firewall Firmware | 2024-11-21 | 8.4 High |
| Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA. | ||||
| CVE-2021-25267 | 1 Sophos | 2 Firewall, Firewall Firmware | 2024-11-21 | 6.8 Medium |
| Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from admin to super-admin in Sophos Firewall older than version 19.0 GA. | ||||
| CVE-2021-25204 | 1 E-commerce Website Project | 1 E-commerce Website | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTM via the subject field to feedback_process.php. | ||||
| CVE-2021-25197 | 1 Content Management System Project | 1 Content Management System | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in SourceCodester Content Management System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the search parameter to content_management_system\admin\new_content.php | ||||
| CVE-2021-25179 | 1 Solarwinds | 1 Serv-u File Server | 2024-11-21 | 6.1 Medium |
| SolarWinds Serv-U before 15.2 is affected by Cross Site Scripting (XSS) via the HTTP Host header. | ||||
| CVE-2021-25161 | 2 Arubanetworks, Siemens | 3 Instant, Scalance W1750d, Scalance W1750d Firmware | 2024-11-21 | 6.1 Medium |
| A remote cross-site scripting (xss) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.17 and below; Aruba Instant 6.5.x: 6.5.4.18 and below; Aruba Instant 8.3.x: 8.3.0.14 and below; Aruba Instant 8.5.x: 8.5.0.11 and below; Aruba Instant 8.6.x: 8.6.0.7 and below; Aruba Instant 8.7.x: 8.7.1.1 and below. Aruba has released patches for Aruba Instant that address this security vulnerability. | ||||
| CVE-2021-25120 | 1 Easysocialfeed | 1 Easy Social Feed | 2024-11-21 | 6.1 Medium |
| The Easy Social Feed Free and Pro WordPress plugins before 6.2.7 do not sanitise some of their parameters used via AJAX actions before outputting them back in the response, leading to Reflected Cross-Site Scripting issues | ||||
| CVE-2021-25113 | 1 Dropdown Menu Widget Project | 1 Dropdown Menu Widget | 2024-11-21 | 5.4 Medium |
| The Dropdown Menu Widget WordPress plugin through 1.9.7 does not have authorisation and CSRF checks when saving its settings, allowing low privilege users such as subscriber to update them. Due to the lack of sanitisation and escaping, it could also lead to Stored Cross-Site Scripting issues | ||||
| CVE-2021-25112 | 1 I-plugins | 1 Whmcs Bridge | 2024-11-21 | 6.1 Medium |
| The WHMCS Bridge WordPress plugin before 6.4b does not sanitise and escape the error parameter before outputting it back in admin dashboard, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2021-25107 | 1 Accesspressthemes | 1 Form Store To Db | 2024-11-21 | 6.1 Medium |
| The Form Store to DB WordPress plugin before 1.1.1 does not sanitise and escape parameter keys before outputting it back in the created entry, allowing unauthenticated attacker to perform Cross-Site Scripting attacks against admin | ||||