Total
41395 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-25810 | 1 Mercusys | 2 Mercury X18g, Mercury X18g Firmware | 2024-11-21 | 6.1 Medium |
| Cross site Scripting (XSS) vulnerability in MERCUSYS Mercury X18G 1.0.5 devices, via crafted values to the 'src_dport_start', 'src_dport_end', and 'dest_port' parameters. | ||||
| CVE-2021-25791 | 1 Online Doctor Appointment System Php Full Source Code Project | 1 Online Doctor Appointment System Php Full Source Code | 2024-11-21 | 5.4 Medium |
| Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields. | ||||
| CVE-2021-25790 | 1 House Rental And Property Listing Php Project | 1 House Rental And Property Listing Php | 2024-11-21 | 5.4 Medium |
| Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number. | ||||
| CVE-2021-25785 | 1 Taogogo | 1 Taocms | 2024-11-21 | 4.8 Medium |
| Taocms v2.5Beta5 was discovered to contain a cross-site scripting (XSS) vulnerability via the component Management column. | ||||
| CVE-2021-25773 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.1 Medium |
| JetBrains TeamCity before 2020.2 was vulnerable to reflected XSS on several pages. | ||||
| CVE-2021-25680 | 1 Adtran | 3 Netvanta 7060, Netvanta 7100, Personal Phone Manager | 2024-11-21 | 6.1 Medium |
| The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be confirmed during primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched | ||||
| CVE-2021-25679 | 1 Adtran | 3 Netvanta 7060, Netvanta 7100, Personal Phone Manager | 2024-11-21 | 5.4 Medium |
| The AdTran Personal Phone Manager software is vulnerable to an authenticated stored cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be confirmed during primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched | ||||
| CVE-2021-25656 | 1 Avaya | 1 Aura Experience Portal | 2024-11-21 | 5.3 Medium |
| Stored XSS injection vulnerabilities were discovered in the Avaya Aura Experience Portal Web management which could allow an authenticated user to potentially disclose sensitive information. Affected versions include 7.0 through 7.2.3 (without hotfix) and 8.0.0 (without hotfix). | ||||
| CVE-2021-25647 | 1 Testes-codigo | 1 Testes De Codigo | 2024-11-21 | 5.4 Medium |
| Mobile application "Testes de Codigo" v11.3 and prior allows stored XSS by injecting a payload in the "feedback" message field causing it to be stored in the remote database and leading to its execution on client devices when loading the "feedback list", either by accessing the website directly or using the mobile application. | ||||
| CVE-2021-25520 | 1 Samsung | 1 Internet | 2024-11-21 | 5.9 Medium |
| Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. | ||||
| CVE-2021-25327 | 1 Skyworthdigital | 2 Rn510, Rn510 Firmware | 2024-11-21 | 6.5 Medium |
| Skyworth Digital Technology RN510 V.3.1.0.4 contains a cross-site request forgery (CSRF) vulnerability in /cgi-bin/net-routeadd.asp and /cgi-bin/sec-urlfilter.asp. Missing CSRF protection in devices can lead to XSRF, as the above pages are vulnerable to cross-site scripting (XSS). | ||||
| CVE-2021-25325 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| MISP 2.4.136 has XSS via galaxy cluster element values to app/View/GalaxyElements/ajax/index.ctp. Reference types could contain javascript: URLs. | ||||
| CVE-2021-25324 | 1 Misp | 1 Misp | 2024-11-21 | 6.1 Medium |
| MISP 2.4.136 has Stored XSS in the galaxy cluster view via a cluster name to app/View/GalaxyClusters/view.ctp. | ||||
| CVE-2021-25313 | 1 Suse | 1 Rancher | 2024-11-21 | 7.1 High |
| A Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Rancher allows remote attackers to execute JavaScript via malicious links. This issue affects: SUSE Rancher Rancher versions prior to 2.5.6. | ||||
| CVE-2021-25299 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.1 Medium |
| Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server. | ||||
| CVE-2021-25295 | 1 Opencats | 1 Opencats | 2024-11-21 | 6.1 Medium |
| OpenCATS through 0.9.5-3 has multiple Cross-site Scripting (XSS) issues. | ||||
| CVE-2021-25278 | 1 Ftapi | 1 Ftapi | 2024-11-21 | 4.8 Medium |
| FTAPI 4.0 through 4.10 allows XSS via an SVG document to the Background Image upload feature in the Submit Box Template Editor. | ||||
| CVE-2021-25277 | 1 Ftapi | 1 Ftapi | 2024-11-21 | 6.1 Medium |
| FTAPI 4.0 - 4.10 allows XSS via a crafted filename to the alternative text hover box in the file submission component. | ||||
| CVE-2021-25273 | 1 Sophos | 1 Unified Threat Management | 2024-11-21 | 4.8 Medium |
| Stored XSS can execute as administrator in quarantined email detail view in Sophos UTM before version 9.706. | ||||
| CVE-2021-25268 | 1 Sophos | 2 Firewall, Firewall Firmware | 2024-11-21 | 8.4 High |
| Multiple XSS vulnerabilities in Webadmin allow for privilege escalation from MySophos admin to SFOS admin in Sophos Firewall older than version 19.0 GA. | ||||