Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2021-45676

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-26 Dec, 2021 | 00:23
Updated At-04 Aug, 2024 | 04:47
Rejected At-
Credits

Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:26 Dec, 2021 | 00:23
Updated At:04 Aug, 2024 | 04:47
Rejected At:
▼CVE Numbering Authority (CNA)

Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
3.14.3MEDIUM
CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:R
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AC:L/AV:A/A:N/C:L/I:L/PR:H/S:C/UI:R
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000064462/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0161
x_refsource_MISC
Hyperlink: https://kb.netgear.com/000064462/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0161
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://kb.netgear.com/000064462/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0161
x_refsource_MISC
x_transferred
Hyperlink: https://kb.netgear.com/000064462/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0161
Resource:
x_refsource_MISC
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:26 Dec, 2021 | 01:15
Updated At:05 Jan, 2022 | 13:06

Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.14.8MEDIUM
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Secondary3.14.3MEDIUM
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Primary2.03.5LOW
AV:N/AC:M/Au:S/C:N/I:P/A:N
Type: Primary
Version: 3.1
Base score: 4.8
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 4.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:A/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Type: Primary
Version: 2.0
Base score: 3.5
Base severity: LOW
Vector:
AV:N/AC:M/Au:S/C:N/I:P/A:N
CPE Matches
NETGEAR, Inc.
netgear
>>rax200_firmware>>Versions before 1.0.5.126(exclusive)
cpe:2.3:o:netgear:rax200_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rax200>>-
cpe:2.3:h:netgear:rax200:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rax20_firmware>>Versions before 1.0.2.82(exclusive)
cpe:2.3:o:netgear:rax20_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rax20>>-
cpe:2.3:h:netgear:rax20:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rax80_firmware>>Versions before 1.0.5.126(exclusive)
cpe:2.3:o:netgear:rax80_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rax80>>-
cpe:2.3:h:netgear:rax80:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rax15_firmware>>Versions before 1.0.2.82(exclusive)
cpe:2.3:o:netgear:rax15_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rax15>>-
cpe:2.3:h:netgear:rax15:-:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rax75_firmware>>Versions before 1.0.5.126(exclusive)
cpe:2.3:o:netgear:rax75_firmware:*:*:*:*:*:*:*:*
NETGEAR, Inc.
netgear
>>rax75>>-
cpe:2.3:h:netgear:rax75:-:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-79Primarynvd@nist.gov
CWE ID: CWE-79
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://kb.netgear.com/000064462/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0161cve@mitre.org
Patch
Vendor Advisory
Hyperlink: https://kb.netgear.com/000064462/Security-Advisory-for-Stored-Cross-Site-Scripting-on-Some-Routers-PSV-2020-0161
Source: cve@mitre.org
Resource:
Patch
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

8432Records found
CVE-2021-45677
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.39% / 59.07%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:23
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-gs108t_firmwaregs110tpgs110tp_firmwaregs108tn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-45639
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.25% / 48.28%
||
7 Day CHG~0.00%
Published-26 Dec, 2021 | 00:31
Updated-04 Aug, 2024 | 04:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0.1.62, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.72, R7000 before 1.0.11.110, R7900 before 1.0.4.30, R7960P before 1.4.1.66, R8000 before 1.0.4.62, RAX200 before 1.0.2.102, XR300 before 1.0.3.50, EX3700 before 1.0.0.90, MR60 before 1.0.5.102, R7000P before 1.3.2.126, R8000P before 1.4.1.66, RAX20 before 1.0.1.64, RAX50 before 1.0.2.28, RAX80 before 1.0.3.102, EX3800 before 1.0.0.90, MS60 before 1.0.5.102, R6900P before 1.3.2.126, R7900P before 1.4.1.66, RAX15 before 1.0.1.64, RAX45 before 1.0.2.28, RAX75 before 1.0.3.102, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cbr40_firmwareeax80rax15ex3700rax50r6900p_firmwareex7500_firmwarer7960prax45r7000_firmwareeax80_firmwarerax20ex6130rax20_firmwarer7900peax20_firmwaremr60rbs850_firmwarerbr850r7000rax80_firmwarecbr40rbk752_firmwareex3800r7900_firmwareex3700_firmwareex7000_firmwareex6120rbk852r7900p_firmwarems60r8000_firmwareex7500rax80r8000rax75ex7000ex3800_firmwarer6900pr7900r8000prbs850ms60_firmwarerbr750r8000p_firmwarerax200r7000p_firmwarerax200_firmwareex6130_firmwarerbs750_firmwaremr60_firmwarexr300rbr750_firmwareeax20r7000pxr300_firmwarerbk752rbs750r7960p_firmwarerax15_firmwarerax75_firmwarerax50_firmwarerax45_firmwarerbk852_firmwareex6120_firmwarerbr850_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18833
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.10% / 27.66%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 16:25
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-m4300-52g_firmwarem4300-52gm4300-12x12f_firmwarem4300-28gm4300-28g-poe\+m4300-48x_firmwarem4300-48xm4200m4300-52g-poe\+_firmwarem4300-8x8fm4300-24x_firmwarem4300-28g-poe\+_firmwarem4300-28g_firmwarem4300-52g-poe\+m4300-12x12fm4300-8x8f_firmwarem4200_firmwarem4300-24x24f_firmwarem4300-24x24fm4300-24xn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18835
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.19% / 40.89%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 16:23
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-m4300-52g_firmwarem4300-52gm4300-12x12f_firmwarem4300-28gm4300-28g-poe\+m4300-48x_firmwarem4300-48xm4200m4300-52g-poe\+_firmwarem4300-8x8fm4300-24x_firmwarem4300-28g-poe\+_firmwarem4300-28g_firmwarem4300-52g-poe\+m4300-12x12fm4300-8x8f_firmwarem4200_firmwarem4300-24x24f_firmwarem4300-24x24fm4300-24xn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18834
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.21% / 43.24%
||
7 Day CHG~0.00%
Published-20 Apr, 2020 | 16:24
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by reflected XSS. This affects M4300-28G before 12.0.2.15, M4300-52G before 12.0.2.15, M4300-28G-POE+ before 12.0.2.15, M4300-52G-POE+ before 12.0.2.15, M4300-8X8F before 12.0.2.15, M4300-12X12F before 12.0.2.15, M4300-24X24F before 12.0.2.15, M4300-24X before 12.0.2.15, M4300-48X before 12.0.2.15, and M4200 before 12.0.2.15.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-m4300-52g_firmwarem4300-52gm4300-12x12f_firmwarem4300-28gm4300-28g-poe\+m4300-48x_firmwarem4300-48xm4200m4300-52g-poe\+_firmwarem4300-8x8fm4300-24x_firmwarem4300-28g-poe\+_firmwarem4300-28g_firmwarem4300-52g-poe\+m4300-12x12fm4300-8x8f_firmwarem4200_firmwarem4300-24x24f_firmwarem4300-24x24fm4300-24xn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18700
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.42% / 61.14%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 14:15
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects D6400 before 1.0.0.60, D7000 before 1.0.1.50, D8500 before 1.0.3.29, EX6200 before 1.0.3.84, EX7000 before 1.0.0.60, R6250 before 1.0.4.16, R6300v2 before 1.0.4.18, R6400 before 1.01.32, R6400v2 before 1.0.2.44, R6700 before 1.0.1.36, R6900 before 1.0.1.34, R6900P before 1.3.0.8, R7000 before 1.0.9.14, R7000P before 1.3.0.8, R7100LG before 1.0.0.34, R7300DST before 1.0.0.56, R7900 before 1.0.1.26, R8000 before 1.0.4.4, R8300 before 1.0.2.106, R8500 before 1.0.2.106, R9000 before 1.0.2.52, WNDR3400v3 before 1.0.1.16, WNR3500Lv2 before 1.2.0.46, and WNDR3700v5 before 1.1.0.48.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wndr3700r8000r6400_firmwareex7000ex6200r6900pr7100lgr7900r6900p_firmwarewndr3400r8300r7100lg_firmwarer7300dst_firmwarer8500_firmwarer7000_firmwared6400_firmwarer7300dstr6300_firmwared8500_firmwarer6250_firmwarer7000p_firmwarer8500d7000r9000_firmwared8500wndr3400_firmwared7000_firmwarer6700r8300_firmwarewndr3700_firmwarer7000wnr3500l_firmwareex6200_firmwarer6900d6400r7000pr9000wnr3500lr6900_firmwarer7900_firmwareex7000_firmwarer6300r6400r6700_firmwarer8000_firmwarer6250n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18745
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.19% / 41.15%
||
7 Day CHG~0.00%
Published-23 Apr, 2020 | 15:34
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects R6400 before 1.0.1.14, R6700 before 1.0.1.22, R6900 before 1.0.1.22, R7000 before 1.0.9.4, R7100LG before 1.0.0.32, R7300DST before 1.0.0.56, R7900 before 1.0.1.12, R8000 before 1.0.3.24, and R8500 before 1.0.2.74.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r8500r6700r8000r6400_firmwarer7000r7100lgr7900r6900r6900_firmwarer7100lg_firmwarer7300dst_firmwarer8500_firmwarer7900_firmwarer7000_firmwarer7300dstr6400r6700_firmwarer8000_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18715
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.42% / 61.14%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 13:32
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by reflected XSS. This affects EX3700 before 1.0.0.66, EX3800 before 1.0.0.66, EX6100 before 1.0.2.20, EX6120 before 1.0.0.34, EX6150 before 1.0.0.36, EX6200 before 1.0.3.84, and EX7000 before 1.0.0.60.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ex3800ex6200_firmwareex6100_firmwareex3700_firmwareex7000_firmwareex6120ex7000ex3800_firmwareex6200ex6150ex6120_firmwareex6150_firmwareex3700ex6100n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18701
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.27% / 50.45%
||
7 Day CHG~0.00%
Published-24 Apr, 2020 | 14:12
Updated-05 Aug, 2024 | 21:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by reflected XSS. This affects R6700 before 1.0.1.36 and R6900 before 1.0.1.34.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6700_firmwarer6900_firmwarer6900r6700n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18784
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.13% / 32.69%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:25
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewnr2020_firmwarewndr3700r6120wnr2020r6220_firmwarepr2000r6080_firmwarejwnr2010r6120_firmwarer6800wnr1000_firmwarer6050pr2000_firmwarer6220r6020r6020_firmwared7000r6080d7000_firmwarer6700wndr3700_firmwarewnr1000r6900d6200_firmwarer6900_firmwarer6050_firmwarewnr2050d6200wnr2050_firmwarejnr1010r6700_firmwarer6800_firmwarejwnr2010_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18800
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.17% / 38.23%
||
7 Day CHG~0.00%
Published-21 Apr, 2020 | 18:30
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by reflected XSS. This affects R6700v2 before 1.1.0.42 and R6800 before 1.1.0.42.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6700_firmwarer6800r6800_firmwarer6700n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18866
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.19% / 41.15%
||
7 Day CHG~0.00%
Published-05 May, 2020 | 13:47
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects R9000 before 1.0.2.40, R6100 before 1.0.1.1, 6R7500 before 1.0.0.110, R7500v2 before 1.0.3.20, R7800 before 1.0.2.36, WNDR4300v2 before 1.0.0.48, and WNR2000v5 before 1.0.0.58.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r7500_firmwarer7800r9000_firmware6r7500_firmwarer9000wnr2000r61006r7500wndr4300r7800_firmwarewnr2000_firmwarer6100_firmwarer7500wndr4300_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2017-18783
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-0.09% / 26.52%
||
7 Day CHG~0.00%
Published-22 Apr, 2020 | 14:29
Updated-05 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by XSS. This affects D6200 before 1.1.00.24, D7000 before 1.0.1.52, JNR1010v2 before 1.1.0.44, JR6150 before 1.0.1.12, JWNR2010v5 before 1.1.0.44, PR2000 before 1.0.0.20, R6020 before 1.0.0.26, R6050 before 1.0.1.12, R6080 before 1.0.0.26, R6120 before 1.0.0.36, R6220 before 1.1.0.60, R6700v2 before 1.2.0.12, R6800 before 1.2.0.12, R6900v2 before 1.2.0.12, WNDR3700v5 before 1.1.0.50, WNR1000v4 before 1.1.0.44, WNR2020 before 1.1.0.44, and WNR2050 before 1.1.0.44.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarewnr2020_firmwarewndr3700r6120wnr2020r6220_firmwarepr2000r6080_firmwarejwnr2010r6120_firmwarer6800wnr1000_firmwarer6050pr2000_firmwarer6220r6020r6020_firmwared7000r6080d7000_firmwarer6700wndr3700_firmwarewnr1000r6900d6200_firmwarer6900_firmwarer6050_firmwarewnr2050d6200jr6150_firmwarejr6150wnr2050_firmwarejnr1010r6700_firmwarer6800_firmwarejwnr2010_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46382
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.57% / 67.63%
||
7 Day CHG~0.00%
Published-04 Mar, 2022 | 15:32
Updated-04 Aug, 2024 | 05:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac120_ac_firmwarewac120_acn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-11791
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.42% / 61.14%
||
7 Day CHG~0.00%
Published-15 Apr, 2020 | 17:08
Updated-04 Aug, 2024 | 11:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR JGS516PE devices before 2.6.0.43 are affected by reflected XSS.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jgs516pe_firmwarejgs516pen/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-38538
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.25% / 47.77%
||
7 Day CHG~0.00%
Published-10 Aug, 2021 | 23:58
Updated-04 Aug, 2024 | 01:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7800 before 1.0.2.68, R8900 before 1.0.4.26, R9000 before 1.0.4.26, RAX120 before 1.0.0.78, RBK20 before 2.3.5.26, RBR20 before 2.3.5.26, RBS20 before 2.3.5.26, RBK40 before 2.3.5.30, RBR40 before 2.3.5.30, RBS40 before 2.3.5.30, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, and XR500 before 2.3.2.56.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-rbs40d7800_firmwarer8900r9000_firmwarerbk20rbs40_firmwarer8900_firmwarerbr40_firmwarerbs20_firmwared7800rbs20rbs50_firmwarerbr40rbs50r9000rbk20_firmwarerbr50_firmwarerbk40rbr20rbr50r7800rax120_firmwarerbr20_firmwarexr500_firmwarerbk50rbk40_firmwarer7800_firmwarerbk50_firmwarerax120xr500n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2014-3919
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-9.3||CRITICAL
EPSS-0.33% / 54.93%
||
7 Day CHG~0.00%
Published-13 Feb, 2020 | 19:00
Updated-06 Aug, 2024 | 10:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-cg3100_firmwarecg3100n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-5562
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-4.3||MEDIUM
EPSS-2.31% / 84.12%
||
7 Day CHG~0.00%
Published-18 Oct, 2007 | 20:00
Updated-07 Aug, 2024 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in cgi-bin/welcome (aka the login page) in Netgear SSL312 PROSAFE SSL VPN-Concentrator 25 allows remote attackers to inject arbitrary web script or HTML via the err parameter in the context of an error page.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ssl312n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2395
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 27.07%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 21:31
Updated-12 Feb, 2025 | 16:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear SRX5308 Web Management Interface cross site scripting

A vulnerability classified as problematic has been found in Netgear SRX5308 up to 4.3.5-3. This affects an unknown part of the component Web Management Interface. The manipulation of the argument Login.userAgent leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-227673 was assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-srx5308srx5308_firmwareSRX5308
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2023-2396
Matching Score-6
Assigner-VulDB
ShareView Details
Matching Score-6
Assigner-VulDB
CVSS Score-4.3||MEDIUM
EPSS-0.09% / 27.07%
||
7 Day CHG~0.00%
Published-28 Apr, 2023 | 22:00
Updated-02 Aug, 2024 | 06:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Netgear SRX5308 Web Management Interface cross site scripting

A vulnerability classified as problematic was found in Netgear SRX5308 up to 4.3.5-3. This vulnerability affects unknown code of the component Web Management Interface. The manipulation of the argument USERDBUsers.Password leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. VDB-227674 is the identifier assigned to this vulnerability. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-NETGEAR, Inc.
Product-srx5308srx5308_firmwareSRX5308
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20759
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.4||HIGH
EPSS-0.18% / 39.49%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 21:11
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR R9000 devices before 1.0.4.26 are affected by stored XSS.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r9000r9000_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20756
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-7.1||HIGH
EPSS-0.44% / 62.30%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 21:08
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by reflected XSS. This affects EX7000 before 1.0.0.64, EX6200 before 1.0.3.86, EX6150 before 1.0.0.38, EX6130 before 1.0.0.22, EX6120 before 1.0.0.40, EX6100 before 1.0.2.22, EX6000 before 1.0.0.30, EX3700 before 1.0.0.70, EX3800 before 1.0.0.70, R8300 before 1.0.2.94, R7300DST before 1.0.0.62, R7000P before 1.3.0.20, R6900P before 1.3.0.20, R6400 before 1.0.1.32, R6300v2 before 1.0.4.24, R8500 before 1.0.2.94, WNDR3400v3 before 1.0.1.18, and WN2500RPv2 before 1.0.1.52.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-r6400_firmwareex3800_firmwareex7000ex6200r6900pex3700r6900p_firmwarewndr3400r8300r7300dst_firmwarer8500_firmwarewn2500rpwn2500rp_firmwarer7300dstr6300_firmwareex6130ex6000_firmwareex6100r7000p_firmwarer8500ex6130_firmwarewndr3400_firmwarer8300_firmwareex6200_firmwareex6150r7000pex3800ex6100_firmwareex3700_firmwareex6000ex7000_firmwareex6120r6300r6400ex6120_firmwareex6150_firmwaren/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-11016
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.68% / 70.67%
||
7 Day CHG~0.00%
Published-16 Oct, 2019 | 00:25
Updated-06 Aug, 2024 | 03:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR JNR1010 devices before 1.0.0.32 allow webproc?getpage= XSS.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-jnr1010_firmwarejnr1010n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20486
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 55.11%
||
7 Day CHG~0.00%
Published-02 Mar, 2020 | 15:06
Updated-05 Aug, 2024 | 02:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered on NETGEAR WNR1000V4 1.1.0.54 devices. Multiple pages (setup.cgi and adv_index.htm) within the web management console are vulnerable to stored XSS, as demonstrated by the configuration of the UI language.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wnr1000_firmwarewnr1000n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20742
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.17% / 38.49%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 19:23
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac510_firmwarewac510n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-20743
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.17% / 38.49%
||
7 Day CHG~0.00%
Published-16 Apr, 2020 | 19:24
Updated-05 Aug, 2024 | 02:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR WAC510 devices before 8.0.1.3 are affected by stored XSS.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-wac510_firmwarewac510n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2019-12513
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.1||MEDIUM
EPSS-0.33% / 55.11%
||
7 Day CHG~0.00%
Published-24 Feb, 2020 | 18:16
Updated-04 Aug, 2024 | 23:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Stored XSS via DHCP Discover Request Hostname

In NETGEAR Nighthawk X10-R900 prior to 1.0.4.24, by sending a DHCP discover request containing a malicious hostname field, an attacker may execute stored XSS attacks against this device. When the malicious DHCP request is received, the device will generate a log entry containing the malicious hostname. This log entry may then be viewed at Advanced settings->Administration->Logs to trigger the exploit. Although this value is inserted into a textarea tag, converted to all-caps, and limited in length, attacks are still possible.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-nighthawk_x10-r9000_firmwarenighthawk_x10-r9000n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10864
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-5.2||MEDIUM
EPSS-0.14% / 34.97%
||
7 Day CHG~0.00%
Published-08 Aug, 2019 | 12:48
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

NETGEAR EX7000 V1.0.0.42_1.0.94 devices allow XSS via the SSID.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-ex7000_firmwareex7000n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-21155
Matching Score-6
Assigner-MITRE Corporation
ShareView Details
Matching Score-6
Assigner-MITRE Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.19% / 41.15%
||
7 Day CHG~0.00%
Published-27 Apr, 2020 | 17:12
Updated-05 Aug, 2024 | 12:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.34, DM200 before 1.0.0.52, R6100 before 1.0.1.22, R7500 before 1.0.0.122, R7500v2 before 1.0.3.26, R7800 before 1.0.2.42, R8900 before 1.0.4.2, R9000 before 1.0.3.16, WNDR4300 before 1.0.2.98, WNDR4300v2 before 1.0.0.54, WNDR4500v3 before 1.0.0.54, and WNR2000v5 before 1.0.0.64.

Action-Not Available
Vendor-n/aNETGEAR, Inc.
Product-d7800_firmwaredm200r8900r9000_firmwarer8900_firmwarewndr4500_firmwared7800r6100_firmwarewnr2000_firmwaredm200_firmwarer9000r7500wndr4300_firmwarer7500_firmwarer7800wndr4500r6100wndr4300r7800_firmwarewnr2000n/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1504
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.5||LOW
EPSS-0.34% / 55.68%
||
7 Day CHG~0.00%
Published-07 May, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 5.x and 6.x before 6.0.6 GA allows remote authenticated users to inject arbitrary web script or HTML via a blog title.

Action-Not Available
Vendor-n/aLiferay Inc.
Product-portaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-22242
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-8.7||HIGH
EPSS-4.11% / 88.16%
||
7 Day CHG~0.00%
Published-25 Aug, 2021 | 18:38
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1129
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-3.5||LOW
EPSS-0.25% / 48.42%
||
7 Day CHG~0.00%
Published-21 Jun, 2011 | 01:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in the EditNews function in ManageNews.php in Simple Machines Forum (SMF) before 1.1.13, and 2.x before 2.0 RC5, might allow remote authenticated users to inject arbitrary web script or HTML via a save_items action.

Action-Not Available
Vendor-simplemachinesn/a
Product-smfn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-37404
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-4.8||MEDIUM
EPSS-0.32% / 54.28%
||
7 Day CHG~0.00%
Published-09 Sep, 2022 | 14:39
Updated-20 Feb, 2025 | 20:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress add2fav plugin <= 1.0 - Authenticated Stored Cross-Site Scripting (XSS) vulnerability

Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Christian Salazar's add2fav plugin <= 1.0 at WordPress.

Action-Not Available
Vendor-add2fav_projectChristian Salazar
Product-add2favadd2fav (WordPress plugin)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-22983
Matching Score-4
Assigner-F5, Inc.
ShareView Details
Matching Score-4
Assigner-F5, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.22% / 44.86%
||
7 Day CHG~0.00%
Published-12 Feb, 2021 | 17:57
Updated-03 Aug, 2024 | 18:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

On BIG-IP AFM version 15.1.x before 15.1.1, 14.1.x before 14.1.3.1, and 13.1.x before 13.1.3.5, authenticated users accessing the Configuration utility for AFM are vulnerable to a cross-site scripting attack if they attempt to access a maliciously-crafted URL. Note: Software versions which have reached End of Software Development (EoSD) are not evaluated.

Action-Not Available
Vendor-n/aF5, Inc.
Product-big-ip_advanced_firewall_managerBIG-IP AFM
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12716
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.8||MEDIUM
EPSS-0.05% / 13.61%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:06
Updated-11 Jun, 2025 | 19:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Simple Basic Contact Form < 20250114 - Admin+ Stored XSS

The Simple Basic Contact Form WordPress plugin before 20250114 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Action-Not Available
Vendor-wpkubeUnknown
Product-simple_basic_contact_formSimple Basic Contact Form
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2011-1570
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-3.5||LOW
EPSS-0.65% / 69.78%
||
7 Day CHG~0.00%
Published-07 May, 2011 | 19:00
Updated-11 Apr, 2025 | 00:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cross-site scripting (XSS) vulnerability in Liferay Portal Community Edition (CE) 6.x before 6.0.6 GA, when Apache Tomcat is used, allows remote authenticated users to inject arbitrary web script or HTML via a message title, a different vulnerability than CVE-2004-2030.

Action-Not Available
Vendor-n/aLiferay Inc.Microsoft Corporation
Product-windows_7liferay_portaln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13292
Matching Score-4
Assigner-Drupal.org
ShareView Details
Matching Score-4
Assigner-Drupal.org
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 11.19%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 20:16
Updated-10 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tooltip - Moderately critical - Cross site scripting - SA-CONTRIB-2024-058

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Tooltip allows Cross-Site Scripting (XSS).This issue affects Tooltip: from 0.0.0 before 1.1.2.

Action-Not Available
Vendor-The Drupal Association
Product-Tooltip
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13357
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.8||MEDIUM
EPSS-0.05% / 13.61%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:07
Updated-10 Jun, 2025 | 13:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ditty – Responsive News Tickers, Sliders, and Lists < 3.1.52 - Author+ Stored XSS

The Ditty WordPress plugin before 3.1.52 does not sanitise and escape some of its settings, which could allow high privilege users such as author to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Action-Not Available
Vendor-metaphorcreationsUnknown
Product-dittyDitty
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-22220
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.1||MEDIUM
EPSS-0.15% / 36.16%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 19:05
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-20876
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.21% / 42.98%
||
7 Day CHG~0.00%
Published-01 Aug, 2019 | 12:43
Updated-05 Aug, 2024 | 12:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cPanel before 74.0.8 allows self XSS in the Site Software Moderation interface (SEC-434).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10774
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.30% / 52.69%
||
7 Day CHG~0.00%
Published-05 Aug, 2019 | 12:57
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cPanel before 60.0.25 allows self XSS in the tail_ea4_migration.cgi interface (SEC-172).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-2410
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-5.4||MEDIUM
EPSS-0.28% / 51.09%
||
7 Day CHG~0.00%
Published-10 Apr, 2018 | 15:00
Updated-05 Aug, 2024 | 04:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP Business One, 9.2, 9.3, browser access does not sufficiently encode user controlled inputs, which results in a Cross-Site Scripting (XSS) vulnerability.

Action-Not Available
Vendor-SAP SE
Product-business_oneSAP Business One
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-18722
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-4.8||MEDIUM
EPSS-0.24% / 46.32%
||
7 Day CHG~0.00%
Published-28 Oct, 2018 | 00:00
Updated-05 Aug, 2024 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An XSS issue was discovered in admin/content/editcontent?id=29&gopage=1 in YUNUCMS 1.1.5.

Action-Not Available
Vendor-yunucmsn/a
Product-yunucmsn/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12874
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.8||MEDIUM
EPSS-0.04% / 10.42%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:06
Updated-09 Jun, 2025 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Top Comments <= 1.0 - Admin+ Stored Cross-Site Scripting

The Top Comments WordPress plugin through 1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Action-Not Available
Vendor-top_comments_projectUnknown
Product-top_commentsTop Comments
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2018-25038
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-3.5||LOW
EPSS-0.19% / 41.65%
||
7 Day CHG~0.00%
Published-12 Jun, 2022 | 07:40
Updated-15 Apr, 2025 | 14:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Thomson TCW710 RgDhcp Persistent cross site scriting

A vulnerability was found in Thomson TCW710 ST5D.10.05. It has been classified as problematic. This affects an unknown part of the file /goform/RgDhcp. The manipulation of the argument PppUserName with the input ><script>alert(1)</script> as part of POST Request leads to cross site scripting (Persistent). It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Action-Not Available
Vendor-technicolorThomson
Product-thomson_tcw710thomson_tcw710_firmwareTCW710
CWE ID-CWE-80
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10780
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.4||MEDIUM
EPSS-0.34% / 56.21%
||
7 Day CHG~0.00%
Published-06 Aug, 2019 | 12:52
Updated-06 Aug, 2024 | 03:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

cPanel before 60.0.25 allows stored XSS in the ftp_sessions API (SEC-180).

Action-Not Available
Vendor-n/acPanel (WebPros International, LLC)
Product-cpaneln/a
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13247
Matching Score-4
Assigner-Drupal.org
ShareView Details
Matching Score-4
Assigner-Drupal.org
CVSS Score-4.8||MEDIUM
EPSS-0.06% / 19.22%
||
7 Day CHG~0.00%
Published-09 Jan, 2025 | 18:53
Updated-04 Jun, 2025 | 15:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Coffee - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-011

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Coffee allows Cross-Site Scripting (XSS).This issue affects Coffee: from 0.0.0 before 1.4.0.

Action-Not Available
Vendor-coffee_projectThe Drupal Association
Product-coffeeCoffee
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-13095
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.8||MEDIUM
EPSS-0.01% / 0.74%
||
7 Day CHG~0.00%
Published-27 Jan, 2025 | 06:00
Updated-05 May, 2025 | 15:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP Triggers Lite <= 2.5.3 - Admin+ SQL Injection

The WP Triggers Lite WordPress plugin through 2.5.3 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks

Action-Not Available
Vendor-wptriggersUnknown
Product-wp_triggers_liteWP Triggers Lite
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12679
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.8||MEDIUM
EPSS-0.05% / 13.61%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:06
Updated-28 May, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prisna GWT < 1.4.14 - Admin+ Stored XSS

The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Action-Not Available
Vendor-prisnaUnknown
Product-google_website_translatorPrisna GWT
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2024-12680
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-4.8||MEDIUM
EPSS-0.05% / 13.61%
||
7 Day CHG~0.00%
Published-15 May, 2025 | 20:06
Updated-28 May, 2025 | 15:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Prisna GWT < 1.4.14 - Admin+ Stored XSS

The Prisna GWT WordPress plugin before 1.4.14 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

Action-Not Available
Vendor-prisnaUnknown
Product-google_website_translatorPrisna GWT
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • ...
  • 168
  • 169
  • Next
Details not found