CVE-2021-26230

Cross-site scripting XSS vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to saveuser.php...

CVE-2021-35265

A reflected cross-site scripting XSS vulnerability in MaxSite CMS before V106 via product/page/ allows remote attackers to inject arbitrary web script to a page...

CVE-2021-20825

Cross-site scripting vulnerability in List order management item change plug-in for EC-CUBE 3.0 series Ver.1.1 and earlier allows a remote attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-39499

A Cross-site scripting XSS vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the title parameter in bindemail function...

CVE-2021-38264

Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 and 7.4.1 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter. This issue is caused by an incomplete fix in CVE-2021-35463...

CVE-2021-3824

OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL...

CVE-2021-20809

Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type 6.8.0 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, Movable...

CVE-2021-20805

Cross-site scripting vulnerability in the management screen of Cybozu Remote Service 3.1.7 to 3.1.9 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors...

CVE-2021-20784

HTTP header injection vulnerability in Everything version 1.0, 1.1, and 1.2 except the Lite version may allow a remote attacker to inject an arbitrary script or alter the website that uses the product...

CVE-2021-20710

Cross-site scripting vulnerability in Aterm WG2600HS firmware Ver1.5.1 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors...

CVE-2021-44461

Cross-site scripting XSS issue in Accounting app of Odoo Enterprise 13.0 through 15.0, allows remote attackers who are able to control the contents of accounting journal entries to inject arbitrary web script in the browser of a victim...

CVE-2021-41463

Cross-site scripting XSS vulnerability in toos/permissions/dialogs/access/entity/types/groupcombination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter...

CVE-2021-33212

A Cross-site scripting XSS vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image...

CVE-2021-27679

Cross-site scripting XSS vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name...

CVE-2021-26916

In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter...

CVE-2020-5631

Stored cross-site scripting vulnerability in CMONOS.JP ver2.0.20191009 and earlier allows remote attackers to inject arbitrary script via unspecified vectors...

CVE-2020-19049

Cross Site Scripting XSS in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by doing an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management=add'...

CVE-2020-15885

A Cross-Site Scripting XSS vulnerability in the comment module before 4.0 for MunkiReport allows remote attackers to inject arbitrary web script or HTML by posting a new comment...

CVE-2020-9012

A cross-site scripting XSS vulnerability in the Import People functionality in Gluu Identity Configuration 4.0 allows remote attackers to inject arbitrary web script or HTML via the filename parameter...

CVE-2020-5606

Cross-site scripting vulnerability in WHR-G54S firmware 1.43 and earlier allows remote attackers to inject arbitrary script via a specially crafted page...