The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
ID | Description | Priority | Modified date | Fixed Release |
---|---|---|---|---|
CVE-2020-22150 | A cross site scripting (XSS) vulnerability in /admin.php?page=permalinks of Piwigo 2.10.1 allows attackers to execute arbitrary web scripts or HTML. | MEDIUM | Jul 21, 2021 | n/a |
CVE-2021-43724 | A Cross Site Scripting (XSS) vulnerability exists in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via an SVG file. | LOW | Feb 24, 2022 | n/a |
CVE-2021-39491 | A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box. | LOW | Mar 24, 2022 | n/a |
CVE-2019-13122 | A Cross Site Scripting (XSS) vulnerability exists in the template tag used to render message ids in Patchwork v1.1 through v2.1.x. This allows an attacker to insert JavaScript or HTML into the patch detail page via an email sent to a mailing list consumed by Patchwork. This affects the function msgid in templatetags/patch.py. Patchwork versions v2.1.4 and v2.0.4 will contain the fix. | MEDIUM | Jul 16, 2019 | n/a |
CVE-2021-42597 | A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10, Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form. | -- | Sep 16, 2022 | n/a |
CVE-2021-43462 | A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter. | LOW | Apr 4, 2022 | n/a |
CVE-2021-43459 | A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters. | LOW | Apr 4, 2022 | n/a |
CVE-2021-44565 | A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 7.6.1 via the xss_clean function in classes/Security.php, which allows remote malicious users to inject arbitrary JavaScript or HTML. For example, all Markdown input fields are affected. | LOW | Feb 24, 2022 | n/a |
CVE-2021-44566 | A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php. | LOW | Feb 24, 2022 | n/a |
CVE-2020-8204 | A cross site scripting (XSS) vulnerability exists in Pulse Connect Secure <9.1R5 on the PSAL Page. | MEDIUM | Jul 31, 2020 | n/a |
CVE-2021-42940 | A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code. | LOW | Feb 11, 2022 | n/a |
CVE-2021-40882 | A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location. | MEDIUM | Dec 16, 2021 | n/a |
CVE-2022-23903 | A Cross Site Scripting (XSS) vulnerability exists in pearadmin pear-admin-think <=5.0.6, which allows a login account to access arbitrary functions and cause stored XSS through a fake User-Agent. | LOW | Apr 4, 2022 | n/a |
CVE-2021-43009 | A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL. | MEDIUM | Apr 8, 2022 | n/a |
CVE-2020-28350 | A Cross Site Scripting (XSS) vulnerability exists in OPAC in Sokrates SOWA SowaSQL through 5.6.1 via the sowacgi.php typ parameter. | MEDIUM | Nov 19, 2020 | n/a |
CVE-2021-46025 | A Cross Site Scripting (XSS) vulnerability exists in OneBlog <= 2.2.8 via the add function in the operation tab list in the background. | LOW | Jan 20, 2022 | n/a |
CVE-2021-44667 | A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters. | MEDIUM | Mar 12, 2022 | n/a |
CVE-2021-42946 | A Cross Site Scripting (XSS) vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page. | LOW | Mar 31, 2022 | n/a |
CVE-2021-44607 | A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file. | LOW | Feb 24, 2022 | n/a |
CVE-2023-38826 | A Cross Site Scripting (XSS) vulnerability exists in Follet Learning Solutions Destiny through 20.0_1U via the handlewpesearchform.do searchString. | -- | Dec 26, 2023 | n/a |
CVE-2021-43432 | A Cross Site Scripting (XSS) vulnerability exists in Exrick XMall Admin Panel as of 11/7/2021 via the GET parameter in product-add.jsp. | MEDIUM | Apr 7, 2022 | n/a |
CVE-2021-42220 | A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Exploitation requires that an admin copies the payload into a box. | LOW | Dec 15, 2021 | n/a |
CVE-2020-19274 | A Cross Site Scripting (XSS) vulnerability exists in Dhcms 2017-09-18 in guestbook via the message board, which could let a remote malicious user execute arbitrary code. | MEDIUM | May 12, 2021 | n/a |
CVE-2021-42867 | A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config, and (2) index.php pages. | LOW | Mar 31, 2022 | n/a |
CVE-2021-43635 | A Cross Site Scripting (XSS) vulnerability exists in Codex before 1.4.0 via Notebook/Page name field, which allows malicious users to execute arbitrary code via a crafted http code in a .json file. | MEDIUM | Feb 8, 2022 | n/a |
CVE-2021-42869 | A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the last_name parameter in the (1) patient/insert, (2) patient_report, (3) /appointment_report, (4) visit_report, and (5) /bill_detail_report pages. | LOW | Mar 31, 2022 | n/a |
CVE-2021-42868 | A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the first_name parameter in (1) patient/insert, (2) patient_report, (3) appointment_report, (4) visit_report, and (5) bill_detail_report pages. | LOW | Mar 31, 2022 | n/a |
CVE-2017-9781 | A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.4.0x prior to 1.4.0p6, allowing an unauthenticated remote attacker to inject arbitrary HTML or JavaScript via the _username parameter when attempting authentication to webapi.py, which is returned unencoded with content type text/html. | MEDIUM | Jun 21, 2017 | n/a |
CVE-2017-11507 | A cross site scripting (XSS) vulnerability exists in Check_MK versions 1.2.8x prior to 1.2.8p25 and 1.4.0x prior to 1.4.0p9, allowing an unauthenticated attacker to inject arbitrary HTML or JavaScript via the output_format parameter, and the username parameter of failed HTTP basic authentication attempts, which is returned unencoded in an internal server error page. | MEDIUM | Dec 11, 2017 | n/a |
CVE-2021-44585 | A Cross Site Scripting (XSS) vulnerability exists in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event. | MEDIUM | Mar 11, 2022 | n/a |
CVE-2021-33961 | A Cross Site Scripting (XSS) vulnerability exists in enhanced-github v5.0.11 via the file name parameter. | MEDIUM | Mar 23, 2022 | n/a |
CVE-2020-27533 | A Cross Site Scripting (XSS) issue was discovered in the search feature of DedeCMS v.5.8 that allows malicious users to inject code into web pages, and other users will be affected when viewing web pages. | LOW | Oct 22, 2020 | n/a |
CVE-2021-27558 | A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator. | MEDIUM | Aug 31, 2021 | n/a |
CVE-2019-18654 | A Cross Site Scripting (XSS) issue exists in AVG AntiVirus (Internet Security Edition) 19.3.3084 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | MEDIUM | Nov 4, 2019 | n/a |
CVE-2019-18653 | A Cross Site Scripting (XSS) issue exists in Avast AntiVirus (Free, Internet Security, and Premiere Edition) 19.3.2369 build 19.3.4241.440 in the Network Notification Popup, allowing an attacker to execute JavaScript code via an SSID Name. | MEDIUM | Nov 6, 2019 | n/a |
CVE-2020-19683 | A Cross Site Scripting (XSS) exists in ZZZCMS V1.7.1 via an editfile action in save.php. | LOW | Dec 9, 2021 | n/a |
CVE-2024-2748 | A Cross Site Request Forgery vulnerability was identified in GitHub Enterprise Server that allowed an attacker to execute unauthorized actions on behalf of an unsuspecting user. A mitigating factor is that user interaction is required. This vulnerability affected GitHub Enterprise Server 3.12.0 and was fixed in version 3.12.1. This vulnerability was reported via the GitHub Bug Bounty program. | -- | Mar 21, 2024 | n/a |
CVE-2023-28023 | A cross site request forgery vulnerability in the BigFix WebUI Software Distribution interface site version 44 and before allows an NMO attacker to access files on server side systems (server machine and all the ones in its network). | -- | Jul 18, 2023 | n/a |
CVE-2016-5758 | A cross site request forgery protection mechanism in NetIQ Access Manager 4.1 before 4.1.2 Hot Fix 1 and 4.2 before 4.2.2 could be circumvented by repeated uploads causing a high load. | MEDIUM | Mar 24, 2017 | n/a |
CVE-2022-4138 | A Cross Site Request Forgery issue has been discovered in GitLab CE/EE affecting all versions before 15.6.7, all versions starting from 15.7 before 15.7.6, and all versions starting from 15.8 before 15.8.1. An attacker could take over a project if an Owner or Maintainer uploads a file to a malicious project. | -- | Feb 14, 2023 | n/a |
CVE-2020-19964 | A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication. | MEDIUM | Oct 14, 2021 | n/a |
CVE-2020-26641 | A Cross Site Request Forgery (CSRF) vulnerability was discovered in iCMS 7.0.16 which can allow an attacker to execute arbitrary web scripts. | MEDIUM | May 28, 2021 | n/a |
CVE-2021-34244 | A cross site request forgery (CSRF) vulnerability was discovered in Ice Hrm 29.0.0.OS which allows attackers to create new admin accounts or change users' passwords. | MEDIUM | Jun 25, 2021 | n/a |
CVE-2020-18418 | A Cross site request forgery (CSRF) vulnerability was discovered in FeiFeiCMS v4.1.190209, which allows attackers to create administrator accounts via /index.php?s=Admin-Admin-Insert. | -- | Jun 27, 2023 | n/a |
CVE-2018-6907 | A Cross Site Request Forgery (CSRF) vulnerability in the Green Electronics RainMachine Mini-8 (2nd Generation) and Touch HD 12 web application allows an attacker to control the RainMachine device via the REST API. | MEDIUM | Nov 1, 2018 | n/a |
CVE-2020-24130 | A cross site request forgery (CSRF) vulnerability in the configure.html component of Ponzu 0.11.0 allows attackers to change user and administrator credentials, and add or delete administrator accounts. | MEDIUM | Aug 20, 2021 | n/a |
CVE-2020-20586 | A cross site request forgery (CSRF) vulnerability in the /xyhai.php?s=/Auth/editUser URI of XYHCMS V3.6 allows attackers to edit any information of the administrator such as the name, e-mail, and password. | LOW | Jul 8, 2021 | n/a |
CVE-2018-20728 | A cross site request forgery (CSRF) vulnerability in NeDi before 1.7Cp3 allows remote attackers to escalate privileges via User-Management.php. | MEDIUM | Jan 22, 2019 | n/a |
CVE-2020-25986 | A Cross Site Request Forgery (CSRF) vulnerability in MonoCMS Blog 1.0 allows attackers to change the password of a user. | MEDIUM | Oct 7, 2020 | n/a |
CVE-2023-37598 | A Cross Site Request Forgery (CSRF) vulnerability in issabel-pbx v.4.0.0-6 allows a remote attacker to cause a denial of service via the delete new virtual fax function. | -- | Jul 13, 2023 | n/a |