Total: 41416 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-34356 | 1 Qnap | 2 Nas, Photo Station | 2024-11-21 | 7.6 High |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 (2021/09/01) and later | ||||
| CVE-2021-34355 | 1 Qnap | 2 Nas, Photo Station | 2024-11-21 | 7.6 High |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 5.4.10 (2021/08/19) and later; Photo Station 5.7.13 (2021/08/19) and later; Photo Station 6.0.18 (2021/09/01) and later | ||||
| CVE-2021-34354 | 1 Qnap | 2 Nas, Photo Station | 2024-11-21 | 7.6 High |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP devices running Photo Station. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Photo Station: Photo Station 6.0.18 (2021/09/01) and later | ||||
| CVE-2021-34243 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 5.4 Medium |
| A stored cross site scripting (XSS) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to execute arbitrary web scripts or HTML via a crafted file uploaded into the Document Management tab. The exploit is triggered when a user visits the upload location of the crafted file. | ||||
| CVE-2021-34228 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 6.1 Medium |
| Cross-site scripting in parent_control.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Description" field and "Service Name" field. | ||||
| CVE-2021-34223 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 6.1 Medium |
| Cross-site scripting in urlfilter.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "URL Address" field. | ||||
| CVE-2021-34220 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 6.1 Medium |
| Cross-site scripting in tr069config.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "User Name" field or "Password" field. | ||||
| CVE-2021-34215 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 6.1 Medium |
| Cross-site scripting in tcpipwan.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Service Name" field. | ||||
| CVE-2021-34207 | 1 Totolink | 2 A3002r, A3002r Firmware | 2024-11-21 | 6.1 Medium |
| Cross-site scripting in ddns.htm in TOTOLINK A3002R version V1.1.1-B20200824 (Important Update, new UI) allows attackers to execute arbitrary JavaScript by modifying the "Domain Name" field, "Server Address" field, "User Name/Email", or "Password/Key" field. | ||||
| CVE-2021-34190 | 1 Issabel | 1 Pbx | 2024-11-21 | 4.8 Medium |
| A stored cross site scripting (XSS) vulnerability in index.php?menu=billing_rates of Issabel PBX version 4 allows attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Name" or "Prefix" fields under the "Create New Rate" module. | ||||
| CVE-2021-34073 | 1 Gadget Works Online Ordering System Project | 1 Gadget Works Online Ordering System | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Gadget Works Online Ordering System in PHP/MySQLi 1.0 via the Category parameter in an add function in category/index.php. | ||||
| CVE-2021-33988 | 1 Microweber | 1 Microweber | 2024-11-21 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in Microweber CMS 1.2.7 via the Login form, which could let a malicious user execute JavaScript by inserting code in the request form. | ||||
| CVE-2021-33966 | 1 Spotweb Project | 1 Spotweb | 2024-11-21 | 5.4 Medium |
| Cross site scripting (XSS) vulnerability in Spotweb 1.4.9 allows authenticated attackers to execute arbitrary code via a crafted GET request to the login page. | ||||
| CVE-2021-33961 | 1 Enhanced-github Project | 1 Enhanced-github | 2024-11-21 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in enhanced-github v5.0.11 via the file name parameter. | ||||
| CVE-2021-33904 | 1 Accela | 1 Civic Platform | 2024-11-21 | 6.1 Medium |
| In Accela Civic Platform through 21.1, the security/hostSignon.do parameter servProvCode is vulnerable to XSS. NOTE: The vendor states "there are configurable security flags and we are unable to reproduce them with the available information." | ||||
| CVE-2021-33853 | 1 X2engine | 1 X2crm | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. As the vehicle for the attack, the application targets the users and not the application itself. Additionally, the XSS payload is executed when the user attempts to access any page of the CRM. | ||||
| CVE-2021-33852 | 1 Metaphorcreations | 1 Post Duplicator | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Duplicate Title" text box executes whenever the user opens the Settings Page of the Post Duplicator Plugin or the application root page after duplicating any of the existing posts. | ||||
| CVE-2021-33851 | 1 Apasionados | 1 Customize Login Image | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user's browser and can use an application as the vehicle for the attack. The XSS payload given in the "Custom logo link" executes whenever the user opens the Settings Page of the "Customize Login Image" Plugin. | ||||
| CVE-2021-33850 | 1 Microsoft | 1 Clarity | 2024-11-21 | 5.4 Medium |
| There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. The XSS payload executes whenever the user changes the clarity configuration in Microsoft Clarity version 0.3. The payload is stored on the configuring project Id page. | ||||
| CVE-2021-33849 | 1 Zohocorp | 1 Zoho Crm Lead Magnet | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4. | ||||