Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2017-5553

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-23 Jan, 2017 | 06:49
Updated At-05 Aug, 2024 | 15:04
Rejected At-
Credits

Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:23 Jan, 2017 | 06:49
Updated At:05 Aug, 2024 | 15:04
Rejected At:
▼CVE Numbering Authority (CNA)

Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/95704
vdb-entry
x_refsource_BID
http://b2evolution.net/downloads/6-8-5
x_refsource_CONFIRM
https://github.com/b2evolution/b2evolution/commit/ce5b36e44b714b18b0bcd34c6db0187b8d13bab8
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/95704
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://b2evolution.net/downloads/6-8-5
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/b2evolution/b2evolution/commit/ce5b36e44b714b18b0bcd34c6db0187b8d13bab8
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.securityfocus.com/bid/95704
vdb-entry
x_refsource_BID
x_transferred
http://b2evolution.net/downloads/6-8-5
x_refsource_CONFIRM
x_transferred
https://github.com/b2evolution/b2evolution/commit/ce5b36e44b714b18b0bcd34c6db0187b8d13bab8
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/95704
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://b2evolution.net/downloads/6-8-5
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/b2evolution/b2evolution/commit/ce5b36e44b714b18b0bcd34c6db0187b8d13bab8
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:23 Jan, 2017 | 07:59
Updated At:20 Apr, 2025 | 01:37

Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.05.4MEDIUM
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Primary2.03.5LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N
Type: Primary
Version: 3.0
Base score: 5.4
Base severity: MEDIUM
Vector:
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 3.5
Base severity: LOW
Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N
CPE Matches
b2evolution
b2evolution
>>b2evolution>>Versions up to 6.8.4(inclusive)
cpe:2.3:a:b2evolution:b2evolution:*:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://b2evolution.net/downloads/6-8-5cve@mitre.org
Patch
Vendor Advisory
http://www.securityfocus.com/bid/95704cve@mitre.org
Third Party Advisory
VDB Entry
https://github.com/b2evolution/b2evolution/commit/ce5b36e44b714b18b0bcd34c6db0187b8d13bab8cve@mitre.org
Issue Tracking
Patch
Third Party Advisory
http://b2evolution.net/downloads/6-8-5af854a3a-2127-422b-91ae-364da2661108
Patch
Vendor Advisory
http://www.securityfocus.com/bid/95704af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
VDB Entry
https://github.com/b2evolution/b2evolution/commit/ce5b36e44b714b18b0bcd34c6db0187b8d13bab8af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Patch
Third Party Advisory
Hyperlink: http://b2evolution.net/downloads/6-8-5
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/95704
Source: cve@mitre.org
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/b2evolution/b2evolution/commit/ce5b36e44b714b18b0bcd34c6db0187b8d13bab8
Source: cve@mitre.org
Resource:
Issue Tracking
Patch
Third Party Advisory
Hyperlink: http://b2evolution.net/downloads/6-8-5
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Vendor Advisory
Hyperlink: http://www.securityfocus.com/bid/95704
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Third Party Advisory
VDB Entry
Hyperlink: https://github.com/b2evolution/b2evolution/commit/ce5b36e44b714b18b0bcd34c6db0187b8d13bab8
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Issue Tracking
Patch
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

6358Records found
CVE-2016-7150
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.39% / 59.34%
||
7 Day CHG~0.00%
Published-18 Jan, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the site name.

Action-Not Available
Vendor-b2evolutionn/a
Product-b2evolutionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-22841
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.45% / 63.02%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 13:09
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Stored XSS in b2evolution CMS version 6.11.6 and prior allows an attacker to perform malicious JavaScript code execution via the plugin name input field in the plugin module.

Action-Not Available
Vendor-b2evolutionn/a
Product-b2evolutionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-5494
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.22% / 44.10%
||
7 Day CHG~0.00%
Published-15 Jan, 2017 | 22:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple cross-site scripting (XSS) vulnerabilities in the file types table in b2evolution through 6.8.3 allow remote authenticated users to inject arbitrary web script or HTML via a .swf file in a (1) comment frame or (2) avatar frame.

Action-Not Available
Vendor-b2evolutionn/a
Product-b2evolutionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-9599
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.54% / 67.22%
||
7 Day CHG~0.00%
Published-16 Jan, 2015 | 15:00
Updated-12 Apr, 2025 | 10:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the filemanager in b2evolution before 5.2.1 allows remote attackers to inject arbitrary web script or HTML via the fm_filter parameter to blogs/admin.php.

Action-Not Available
Vendor-b2evolutionn/a
Product-b2evolutionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2012-5911
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.47% / 64.40%
||
7 Day CHG~0.00%
Published-17 Nov, 2012 | 21:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in blogs/blog1.php in b2evolution 4.1.3 allows remote attackers to inject arbitrary web script or HTML via the message body.

Action-Not Available
Vendor-b2evolutionn/a
Product-b2evolutionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-7149
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.61% / 69.40%
||
7 Day CHG~0.00%
Published-18 Jan, 2017 | 17:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in b2evolution 6.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to the autolink function.

Action-Not Available
Vendor-b2evolutionn/a
Product-b2evolutionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-0175
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-0.53% / 66.69%
||
7 Day CHG~0.00%
Published-11 Jan, 2007 | 00:00
Updated-07 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in htsrv/login.php in b2evolution 1.8.6 allows remote attackers to inject arbitrary web script or HTML via scriptable attributes in the redirect_to parameter.

Action-Not Available
Vendor-b2evolutionn/a
Product-b2evolutionn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-22839
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-1.04% / 77.09%
||
7 Day CHG~0.00%
Published-09 Feb, 2021 | 19:39
Updated-04 Aug, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Reflected cross-site scripting vulnerability (XSS) in the evoadm.php file in b2evolution cms version 6.11.6-stable allows remote attackers to inject arbitrary webscript or HTML code via the tab3 parameter.

Action-Not Available
Vendor-b2evolutionn/a
Product-b2evolution_cmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5186
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.35% / 57.23%
||
7 Day CHG~0.00%
Published-24 Feb, 2020 | 14:24
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

DNN (formerly DotNetNuke) through 9.4.4 allows XSS (issue 1 of 2).

Action-Not Available
Vendor-n/aESW Operations, LLC ("DNN Software")
Product-dotnetnuken/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-44912
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 41.02%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 15:55
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. If the .htaccess configuration is improper, for example before the XE 1.11.2 version, you can upload the PHP type file to GETSHELL.

Action-Not Available
Vendor-xpressenginen/a
Product-xpressenginen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45669
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.7||LOW
EPSS-0.27% / 50.45%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:25
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerax80rbs750_firmwaremr60rax15mr60_firmwarerbs850_firmwarerax75rbr850rax80_firmwarerbr750_firmwarerax50rbs850rbk752_firmwarerax45ms60_firmwarerbk752rbr750rbs750rax15_firmwarerax200rax20rax75_firmwarerax50_firmwarerax45_firmwarerbk852_firmwarerbk852rax20_firmwarems60rbr850_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46072
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-5.67% / 90.22%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 15:26
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service List Section in login panel.

Action-Not Available
Vendor-vehicle_service_management_system_projectn/a
Product-vehicle_service_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45904
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 51.14%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 22:32
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen.

Action-Not Available
Vendor-n/aOpenWrt
Product-openwrtn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45662
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.30% / 53.31%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:27
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R7000 devices before 1.0.9.88 are affected by stored XSS.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000_firmwarer7000n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-5305
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.41% / 61.00%
||
7 Day CHG~0.00%
Published-05 Jan, 2020 | 22:26
Updated-04 Aug, 2024 | 08:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen.

Action-Not Available
Vendor-codologicn/a
Product-codoforumn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46071
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-5.67% / 90.22%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 15:27
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Category List Section in login panel.

Action-Not Available
Vendor-vehicle_service_management_system_projectn/a
Product-vehicle_service_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45663
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.30% / 53.31%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:26
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000_firmwarer7000n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45666
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.27% / 50.52%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:26
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40v_firmwarerbs40vcbr40_firmwareeax80ex7500rbw30_firmwareex6130_firmwarerbs750_firmwarerbs850_firmwarerbr850ex3800_firmwarerbr750_firmwarerbw30ex3700cbr40ex7500_firmwarerbs850rbk752_firmwareex3800rbk752rbr750rbs750eax80_firmwareex3700_firmwareex6120rbk852_firmwarerbk852ex6130ex6120_firmwarerbr850_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45672
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.2||MEDIUM
EPSS-0.26% / 48.68%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:24
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by Stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6700v2_firmwarerax40r6120r6850_firmwarer7450_firmwarer6220_firmwareac2600r6080_firmwareac2400r6900v2r6120_firmwarer7200_firmwarer6800r6900v2_firmwarer6260_firmwarer6260r6220r6020ac2400_firmwarer7350_firmwarer7400_firmwarer6020_firmwarer7200rax40_firmwared7000r6080d7000_firmwarer6230r6230_firmwareac2100_firmwared6200_firmwarer7400r6700v2ac2100r6850r7350r7450d6200r6800_firmwareac2600_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45919
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.33% / 55.79%
||
7 Day CHG~0.00%
Published-08 Feb, 2022 | 22:27
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Studio 42 elFinder through 2.1.31 allows XSS via an SVG document.

Action-Not Available
Vendor-std42n/a
Product-elfindern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46065
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-20.36% / 95.40%
||
7 Day CHG~0.00%
Published-27 Jan, 2022 | 15:29
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-site scripting (XSS) vulnerability in Secondary Email Field in Zoho ManageEngine ServiceDesk Plus 11.3 Build 11306 allows an attackers to inject arbitrary JavaScript code.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_servicedesk_plusn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45744
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-3.00% / 86.30%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 15:43
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stored Cross Site Scripting (XSS) vulnerability exists in bludit 3.13.1 via the TAGS section in login panel.

Action-Not Available
Vendor-bluditn/a
Product-bluditn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-7827
Matching Score-4
Assigner-Schneider Electric
ShareView Details
Matching Score-4
Assigner-Schneider Electric
CVSS Score-5.4||MEDIUM
EPSS-0.23% / 45.21%
||
7 Day CHG~0.00%
Published-22 May, 2019 | 19:33
Updated-05 Aug, 2024 | 06:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross-Site Scripting (XSS) vulnerability exists in the 1st Gen. Pelco Sarix Enhanced Camera and Spectra Enhanced PTZ Camera which a remote attacker can execute arbitrary HTML and script code in a user’s browser session.

Action-Not Available
Vendor-n/a
Product-ime219-1ep_firmwareime119-1esime319-1ei_firmwareime219-1vi_firmwareime3122-1vp_firmwareime219-1vs_firmwareime319-1vs_firmwareime219-1esd6220ime219-1vp_firmwareixe31imes19-1eiime3122-1vpimes19-1sime3122-1epime219-1viimes19-1esime319-1eiime3122-1iimes19-1ep_firmwareimes19-1es_firmwared6220_firmwareime3122-b1iimes19-1s_firmwareime3122-b1s_firmwareime119-1vi_firmwared6230_firmwareime319-1s_firmwareime319-b1p_firmwareime319-1pime3122-b1pime319-1ep_firmwareime319-1vsime119-1vp_firmwareime219-1vpime219-1iime3122-1esixe21_firmwareime319-1p_firmwareime3122-1i_firmwareime319-1viimes19-1vsime119-1viimes19-1vp_firmwareime119-1pime3122-1vs_firmwareime219-1es_firmwareime319-1vpimes19-1vpime3122-1eiime319-b1s_firmwareimes19-1ei_firmwareime119-1ei_firmwareime219-1pixe11_firmwareime3122-1ei_firmwareime119-1vpime319-b1iixe31_firmwareime119-1vs_firmwareixes1ime219-1p_firmwareime3122-1ep_firmwareime3122-1vi_firmwareime219-1s_firmwareime119-1vsime119-1es_firmwareimes19-1epime219-1epime319-1vi_firmwareime119-1i_firmwareime119-1eiime319-1iimes19-1iime319-b1sime3122-1p_firmwareimes19-1vi_firmwareimes19-1vs_firmwareime3122-1sime119-1iimes19-1viimes19-1i_firmwareime319-1vp_firmwareime319-1i_firmwareimes19-1pime219-1sime319-b1i_firmwareime3122-1s_firmwareime219-1i_firmwareime3122-1viixe21d6230lime119-1p_firmwareime219-1eiime319-1es_firmwared6230l_firmwareime319-b1pime319-1esd6230ime3122-b1sime219-1ei_firmwareime119-1epd6220lime3122-1vsime219-1vsimes19-1p_firmwareime319-1epime3122-1es_firmwareime119-1sime119-1ep_firmwared6220l_firmwareixes1_firmwareime3122-b1i_firmwareime3122-b1p_firmwareime319-1sixe11ime119-1s_firmwareime3122-1pPelco Sarix Enhanced and Spectra Enhanced, Pelco Sarix Enhanced 1st generation and Spectra Enhanced PTZ
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46068
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-5.67% / 90.22%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 15:46
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the My Account Section in login panel.

Action-Not Available
Vendor-vehicle_service_management_system_projectn/a
Product-vehicle_service_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46108
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-1.10% / 77.75%
||
7 Day CHG~0.00%
Published-18 Feb, 2022 | 03:58
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

D-Link DSL-2730E CT-20131125 devices allow XSS via the username parameter to the password page in the maintenance configuration.

Action-Not Available
Vendor-n/aD-Link Corporation
Product-dsl-2730edsl-2730e_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45674
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.2||LOW
EPSS-0.27% / 50.45%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:24
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerax80rax15r8000rax75r7000rax80_firmwarer7900r7900_firmwarer7000_firmwarerax15_firmwarerax20rax200rax75_firmwarerax20_firmwarer8000_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-44565
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.36% / 57.69%
||
7 Day CHG~0.00%
Published-22 Feb, 2022 | 19:58
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. An example of affected components are all Markdown input fields.

Action-Not Available
Vendor-rosariosisn/a
Product-rosariosisn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46070
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.75% / 72.85%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 15:29
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Service Requests Section in login panel.

Action-Not Available
Vendor-vehicle_service_management_system_projectn/a
Product-vehicle_service_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45667
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 57.97%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:25
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R8000P before 1.4.1.66, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40v_firmwarecbr40_firmwareeax80ex7500rbw30_firmwarerax80rax15ms60rax75ex3800_firmwarerbw30r8000pex3700rax50ex7500_firmwarerbs850r7960prax45ms60_firmwarerbr750r8000p_firmwareeax80_firmwarerax200rax20ex6130rax20_firmwarer7900prax200_firmwareeax20_firmwarerbs40vex6130_firmwarerbs750_firmwaremr60mr60_firmwarerbs850_firmwarerbr850rax80_firmwarerbr750_firmwareeax20cbr40rbk752_firmwareex3800rbk752rbs750r7960p_firmwarerax15_firmwareex3700_firmwarerax75_firmwareex6120rax50_firmwarerax45_firmwarerbk852_firmwarerbk852r7900p_firmwareex6120_firmwarerbr850_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46146
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.16% / 36.98%
||
7 Day CHG~0.00%
Published-07 Jan, 2022 | 05:53
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file.

Action-Not Available
Vendor-n/aWikimedia Foundation
Product-mediawikin/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-44608
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 41.02%
||
7 Day CHG~0.00%
Published-23 Feb, 2022 | 18:51
Updated-04 Aug, 2024 | 04:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple Cross Site Scripting (XSS) vulnerabilities exists in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php.

Action-Not Available
Vendor-bloofoxn/a
Product-bloofoxcmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-6185
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.4||MEDIUM
EPSS-0.27% / 49.92%
||
7 Day CHG~0.00%
Published-12 Feb, 2020 | 19:56
Updated-04 Aug, 2024 | 08:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Under certain conditions ABAP Online Community in SAP NetWeaver (SAP_BASIS version 7.40) and SAP S/4HANA (SAP_BASIS versions 7.50, 7.51, 7.52, 7.53, 7.54), allows an authenticated attacker to store a malicious payload which results in Stored Cross Site Scripting vulnerability.

Action-Not Available
Vendor-SAP SE
Product-netweavers\/4hanaSAP NetWeaver (SAP Basis)SAP S/4HANA (SAP Basis)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46026
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 41.02%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 23:04
Updated-10 Apr, 2025 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mysiteforme, as of 19-12-2022, is vulnerable to Cross Site Scripting (XSS) via the add blog tag function in the blog tag in the background blog management.

Action-Not Available
Vendor-wangl1989n/a
Product-mysiteformen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46074
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.60% / 69.01%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 15:23
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Settings Section in login panel.

Action-Not Available
Vendor-vehicle_service_management_system_projectn/a
Product-vehicle_service_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45792
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.22% / 44.31%
||
7 Day CHG~0.00%
Published-17 Mar, 2022 | 10:55
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Slims9 Bulian 9.4.2 is affected by Cross Site Scripting (XSS) in /admin/modules/system/custom_field.php.

Action-Not Available
Vendor-slimsn/a
Product-senayan_library_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46025
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 41.02%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 22:54
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross SIte Scripting (XSS) vulnerability exists in OneBlog <= 2.2.8. via the add function in the operation tab list in the background.

Action-Not Available
Vendor-oneblog_projectn/a
Product-oneblogn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45906
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 51.14%
||
7 Day CHG~0.00%
Published-27 Dec, 2021 | 22:32
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen.

Action-Not Available
Vendor-n/aOpenWrt
Product-openwrtn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-44969
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.22% / 44.31%
||
7 Day CHG~0.00%
Published-10 Feb, 2022 | 22:39
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.

Action-Not Available
Vendor-taogogon/a
Product-taocmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46069
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-5.67% / 90.22%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 15:30
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Stored Cross Site Scripting (XSS) vulnerability exists in Vehicle Service Management System 1.0 via the Mechanic List Section in login panel.

Action-Not Available
Vendor-vehicle_service_management_system_projectn/a
Product-vehicle_service_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45673
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.20% / 41.74%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:24
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, R7000P before 1.3.3.140, RAX80 before 1.0.3.106, R6900P before 1.3.3.140, and RAX75 before 1.0.3.106.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rax200_firmwarerax80r8000rax75r7000r6900prax80_firmwarer7900r7000pr6900p_firmwarer7900_firmwarer7000_firmwarerax200rax75_firmwarer8000_firmwarer7000p_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45889
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.37% / 58.40%
||
7 Day CHG~0.00%
Published-13 Mar, 2022 | 01:25
Updated-04 Aug, 2024 | 04:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in PONTON X/P Messenger before 3.11.2. Several functions are vulnerable to reflected XSS, as demonstrated by private/index.jsp?partners/ShowNonLocalPartners.do?localID= or private/index.jsp or private/index.jsp?database/databaseTab.jsp or private/index.jsp?activation/activationMainTab.jsp or private/index.jsp?communication/serverTab.jsp or private/index.jsp?emailNotification/notificationTab.jsp.

Action-Not Available
Vendor-pontonn/a
Product-x\/p_messengern/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46080
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.28% / 51.11%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 14:47
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Cross Site Request Forgery (CSRF) vulnerability exists in Vehicle Service Management System 1.0. An successful CSRF attacks leads to Stored Cross Site Scripting Vulnerability.

Action-Not Available
Vendor-vehicle_service_management_system_projectn/a
Product-vehicle_service_management_systemn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-352
Cross-Site Request Forgery (CSRF)
CVE-2021-44760
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.8||MEDIUM
EPSS-0.18% / 39.04%
||
7 Day CHG~0.00%
Published-18 Mar, 2022 | 18:00
Updated-23 Apr, 2025 | 18:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP-DownloadManager plugin <= 1.68.6 - Auth. Reflected Cross-Site Scripting (XSS) vulnerability

Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager plugin <= 1.68.6 versions.

Action-Not Available
Vendor-wp-downloadmanager_projectLester 'GaMerZ' Chan
Product-wp-downloadmanagerWP-DownloadManager (WordPress plugin)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45227
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.72%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 14:12
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack.

Action-Not Available
Vendor-coins-globaln/a
Product-coins_construction_cloudn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45670
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.36% / 57.97%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:25
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7000 before 1.0.11.116, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R7000P before 1.3.2.126, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R6900P before 1.3.2.126, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40v_firmwarecbr40_firmwarerax80eax80ex7500rbw30_firmwarerax15rax75r8000ex3800_firmwarer6900pr7900rbw30rax50ex3700r6900p_firmwarerbs850ex7500_firmwarerax45ms60_firmwarer7000_firmwarerbr750r8000_firmwareeax80_firmwarerax200rax20rax20_firmwareex6130r7000p_firmwarerax200_firmwareeax20_firmwarerbs40vex6130_firmwarerbs750_firmwaremr60mr60_firmwarerbs850_firmwarerbr850rax80_firmwarerbr750_firmwarer7000eax20r7000pcbr40rbk752_firmwareex3800r7900_firmwarerbk752rbs750rax15_firmwareex6120_firmwareex3700_firmwarerax75_firmwarerax50_firmwareex6120rax45_firmwarerbk852_firmwarerbk852ms60rbr850_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-44911
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.72%
||
7 Day CHG~0.00%
Published-09 Feb, 2022 | 15:40
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. When uploading the Mouse over button and When selected button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities.

Action-Not Available
Vendor-xpressenginen/a
Product-xpressenginen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45668
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.22% / 44.10%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:25
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-eax80ex7500rax80rax15rax75ex3800_firmwarer8000pex3700rax50ex7500_firmwarer7960prax45r8000p_firmwareeax80_firmwarerax200rax20rax20_firmwareex6130r7900prax200_firmwareeax20_firmwareex6130_firmwarerax80_firmwareeax20ex3800r7960p_firmwarerax15_firmwareex3700_firmwarerax75_firmwareex6120rax50_firmwarerax45_firmwarer7900p_firmwareex6120_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-2148
Matching Score-4
Assigner-JPCERT/CC
ShareView Details
Matching Score-4
Assigner-JPCERT/CC
CVSS Score-5.4||MEDIUM
EPSS-0.24% / 46.20%
||
7 Day CHG~0.00%
Published-28 Apr, 2017 | 16:00
Updated-20 Apr, 2025 | 01:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting vulnerability in WN-AC1167GR firmware version 1.04 and earlier allows remote authenticated attackers to inject arbitrary web script or HTML via unspecified vectors.

Action-Not Available
Vendor-iodataI-O DATA DEVICE, INC.
Product-wn-ac1167gr_firmwarewn-ac1167grWN-AC1167GR
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45664
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.6||MEDIUM
EPSS-0.32% / 54.90%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:26
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7000_firmwarer7000n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-44970
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.19% / 41.02%
||
7 Day CHG~0.00%
Published-10 Feb, 2022 | 22:39
Updated-04 Aug, 2024 | 04:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php.

Action-Not Available
Vendor-1234nn/a
Product-minicmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 127
  • 128
  • Next
Details not found