Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): xss
  • Search Type: Search All
There are 18,079 matching records.
Displaying matches 1 through 20.
Vuln ID Summary CVSS Severity
CVE-2021-41391

In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover.

Published: September 17, 2021; 5:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-41317

XSS Hunter Express before 2021-09-17 does not properly enforce authentication requirements for paths.

Published: September 17, 2021; 12:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-27340

OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter.

Published: September 16, 2021; 10:15:07 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-21482

A cross-site scripting (XSS) vulnerability in RGCMS v1.06 allows attackers to obtain the administrator's cookie via a crafted payload in the Name field under the Message Board module

Published: September 15, 2021; 6:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-33696

SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify displayed content from a Web site.

Published: September 15, 2021; 3:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-33691

NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.SAP NetWeaver Development Infrastructure Notification Service allows a threat actor to send crafted scripts to a victim. If the victim has an active session when the crafted script gets executed, the threat actor could compromise information in victims session, and gain access to some sensitive information also.

Published: September 15, 2021; 3:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-40966

A Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and javascript in its name. A malicious user can upload a file with a malicious filename containing javascript code and it will run on any user browser when they access the server.

Published: September 15, 2021; 2:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-28901

Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the (1) NOM_CLI , (2) ADRESSE , (3) ADRESSE2, (4) LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the (5) nom_liste parameter to /eshop/products/json/addCustomerFavorite.

Published: September 15, 2021; 2:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-40238

A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the "Error Log" page. An attacker can leverage this to achieve Unauthenticated Remote Code Execution via the "Cron Jobs" functionality of Webuzo.

Published: September 15, 2021; 1:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-37412

The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar.

Published: September 15, 2021; 1:15:10 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-38156

In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard.

Published: September 15, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-19158

Cross Site Scripting (XSS) in S-CMS build 20191014 and earlier allows remote attackers to execute arbitrary code via the 'Site Title' parameter of the component '/data/admin/#/app/config/'.

Published: September 15, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-19156

Cross Site Scripting (XSS) in Ari Adminer v1 allows remote attackers to execute arbitrary code via the 'Title' parameter of the 'Add New Connections' component when the 'save()' function is called.

Published: September 15, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-19148

Cross Site Scripting (XSS) in Jfinal CMS v4.7.1 and earlier allows remote attackers to execute arbitrary code via the 'Nickname' parameter in the component '/jfinal_cms/front/person/profile.html'.

Published: September 15, 2021; 10:15:08 AM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-23027

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published: September 14, 2021; 6:15:07 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-39391

Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page.

Published: September 14, 2021; 2:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-35493

The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.'s TIBCO WebFOCUS Client, TIBCO WebFOCUS Installer, and TIBCO WebFOCUS Reporting Server contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO WebFOCUS Client: versions 8207.27.0 and below, TIBCO WebFOCUS Installer: versions 8207.27.0 and below, and TIBCO WebFOCUS Reporting Server: versions 8207.27.0 and below.

Published: September 14, 2021; 2:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-23038

On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, 14.1.x before 14.1.4.2, 13.1.x before 13.1.4.1, and all versions of 12.1.x, a stored cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published: September 14, 2021; 2:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2021-23037

On all versions of 16.1.x, 16.0.x, 15.1.x, 14.1.x, 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated.

Published: September 14, 2021; 2:15:08 PM -0400
V3.x:(not available)
V2.0:(not available)
CVE-2020-21082

A cross-site scripting (XSS) vulnerability in the background administrator article management module of Maccms 8.0 allows attackers to steal administrator and user cookies via crafted payloads in the text fields for Chinese and English names.

Published: September 14, 2021; 12:15:09 PM -0400
V3.x:(not available)
V2.0:(not available)