CVE-2021-20664

Cross-site scripting vulnerability in in Asset registration screen of Movable Type 7 r.4705 and earlier Movable Type 7 Series, Movable Type Advanced 7 r.4705 and earlier Movable Type Advanced 7 Series, Movable Type 6.7.5 and earlier Movable Type 6.7 Series, Movable Type Premium 1.39 and earlier,...

CVE-2021-20741

Cross-site scripting vulnerability in Hitachi Application Server Help Hitachi Application Server V10 Manual Windows version 10-11-01 and earlier and Hitachi Application Server V10 Manual UNIX version 10-11-01 and earlier allows a remote attacker to inject an arbitrary script via unspecified vecto...

CVE-2021-20813

Cross-site scripting vulnerability in Edit screen of Content Data of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series and Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series allows remote attackers to inject arbitrary script or HTML via unspecified vector...

CVE-2021-20743

Cross-site scripting vulnerability in EC-CUBE Email newsletters management plugin for EC-CUBE 3.0 series versions prior to version 1.0.4 allows a remote attacker to inject an arbitrary script by leading a user to a specially crafted page and to perform a specific operation...

CVE-2021-20627

Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors...

CVE-2021-20812

Cross-site scripting vulnerability in Setting screen of Server Sync of Movable Type Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series and Movable Type Premium Advanced 1.44 and earlier allows remote attackers to inject arbitrary script or HTML via unspecified vectors...

CVE-2021-20810

Cross-site scripting vulnerability in Website Management screen of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type 6.8.0 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, Movable Type Premium 1.44 and...

CVE-2021-26230

Cross-site scripting XSS vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to saveuser.php...

CVE-2021-35265

A reflected cross-site scripting XSS vulnerability in MaxSite CMS before V106 via product/page/ allows remote attackers to inject arbitrary web script to a page...

CVE-2021-20825

Cross-site scripting vulnerability in List order management item change plug-in for EC-CUBE 3.0 series Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-39499

A Cross-site scripting XSS vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the title parameter in bindemail function...

CVE-2021-38264

Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter. This issue is caused by an incomplete fix in CVE-2021-35463...

CVE-2021-3824

OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL...

CVE-2021-20809

Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type 6.8.0 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, Movable...

CVE-2021-20805

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-20784

HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product...

CVE-2021-20710

Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors...

CVE-2021-44461

Cross-site scripting XSS issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary web script in the browser of a victim...

CVE-2021-41463

Cross-site scripting XSS vulnerability in toos/permissions/dialogs/access/entity/types/groupcombination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter...

CVE-2021-33212

A Cross-site scripting XSS vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image...