|
|
Security Vulnerabilities Published
In 2021(Cross Site Scripting (XSS))
| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2021-45906 |
79 |
|
XSS |
2021-12-27 |
2023-05-24 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
OpenWrt 21.02.1 allows XSS via the NAT Rules Name screen. |
|
2 |
CVE-2021-45905 |
79 |
|
XSS |
2021-12-27 |
2023-05-24 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
OpenWrt 21.02.1 allows XSS via the Traffic Rules Name screen. |
|
3 |
CVE-2021-45904 |
79 |
|
XSS |
2021-12-27 |
2023-05-24 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
OpenWrt 21.02.1 allows XSS via the Port Forwards Add Name screen. |
|
4 |
CVE-2021-45903 |
79 |
|
XSS |
2021-12-28 |
2022-01-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
A persistent cross-site scripting (XSS) issue in the web interface of SuiteCRM before 7.10.35, and 7.11.x and 7.12.x before 7.12.2, allows a remote attacker to introduce arbitrary JavaScript via attachments upload, a different vulnerability than CVE-2021-39267 and CVE-2021-39268. |
|
5 |
CVE-2021-45895 |
79 |
|
XSS |
2021-12-27 |
2022-01-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Netgen Tags Bundle 3.4.x before 3.4.11 and 4.0.x before 4.0.15 allows XSS in the Tags Admin interface. |
|
6 |
CVE-2021-45815 |
79 |
|
XSS |
2021-12-30 |
2022-01-10 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Quectel UC20 UMTS/HSPA+ UC20 6.3.14 is affected by a Cross Site Scripting (XSS) vulnerability. |
|
7 |
CVE-2021-45813 |
79 |
|
XSS |
2021-12-28 |
2022-01-12 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript codes which leads to Session Hijacking and cause user's credentials theft. |
|
8 |
CVE-2021-45812 |
79 |
|
XSS |
2021-12-28 |
2022-01-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
NUUO Network Video Recorder NVRsolo 3.9.1 is affected by a Cross Site Scripting (XSS) vulnerability. An attacker can steal the user's session by injecting malicious JavaScript codes which leads to session hijacking. |
|
9 |
CVE-2021-45677 |
79 |
|
XSS |
2021-12-26 |
2022-01-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Certain NETGEAR devices are affected by stored XSS. This affects GS108Tv2 before 5.4.2.36 and GS110TPv2 before 5.4.2.36. |
|
10 |
CVE-2021-45676 |
79 |
|
XSS |
2021-12-26 |
2022-01-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.5.126, RAX20 before 1.0.2.82, RAX80 before 1.0.5.126, RAX15 before 1.0.2.82, and RAX75 before 1.0.5.126. |
|
11 |
CVE-2021-45675 |
79 |
|
XSS |
2021-12-26 |
2022-01-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Certain NETGEAR devices are affected by stored XSS. This affects R6120 before 1.0.0.76, R6260 before 1.1.0.78, R6850 before 1.1.0.78, R6350 before 1.1.0.78, R6330 before 1.1.0.78, R6800 before 1.2.0.76, R6700v2 before 1.2.0.76, R6900v2 before 1.2.0.76, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, and AC2600 before 1.2.0.76. |
|
12 |
CVE-2021-45674 |
79 |
|
XSS |
2021-12-26 |
2022-01-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106. |
|
13 |
CVE-2021-45673 |
79 |
|
XSS |
2021-12-26 |
2022-01-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Certain NETGEAR devices are affected by stored XSS. This affects R7000 before 1.0.11.110, R7900 before 1.0.4.30, R8000 before 1.0.4.62, RAX200 before 1.0.3.106, R7000P before 1.3.3.140, RAX80 before 1.0.3.106, R6900P before 1.3.3.140, and RAX75 before 1.0.3.106. |
|
14 |
CVE-2021-45672 |
79 |
|
XSS |
2021-12-26 |
2022-01-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Certain NETGEAR devices are affected by Stored XSS. This affects D6200 before 1.1.00.40, D7000 before 1.0.1.78, R6020 before 1.0.0.48, R6080 before 1.0.0.48, R6120 before 1.0.0.76, R6220 before 1.1.0.110, R6230 before 1.1.0.110, R6260 before 1.1.0.78, R6800 before 1.2.0.76, R6900v2 before 1.2.0.76, R6700v2 before 1.2.0.76, R6850 before 1.1.0.78, R7200 before 1.2.0.76, R7350 before 1.2.0.76, R7400 before 1.2.0.76, R7450 before 1.2.0.76, AC2100 before 1.2.0.76, AC2400 before 1.2.0.76, AC2600 before 1.2.0.76, and RAX40 before 1.0.3.62. |
|
15 |
CVE-2021-45671 |
79 |
|
XSS |
2021-12-26 |
2022-01-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.62, EX7500 before 1.0.0.72, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.4.120, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.4.120, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.4.120, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6. |
|
16 |
CVE-2021-45670 |
79 |
|
XSS |
2021-12-26 |
2022-01-06 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7000 before 1.0.11.116, R7900 before 1.0.4.38, R8000 before 1.0.4.68, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R7000P before 1.3.2.126, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R6900P before 1.3.2.126, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6. |
|
17 |
CVE-2021-45669 |
79 |
|
XSS |
2021-12-26 |
2022-01-06 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Certain NETGEAR devices are affected by stored XSS. This affects RAX200 before 1.0.3.106, MR60 before 1.0.6.110, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, MS60 before 1.0.6.110, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6. |
|
18 |
CVE-2021-45668 |
79 |
|
XSS |
2021-12-26 |
2022-01-06 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, R7900P before 1.4.1.66, R8000P before 1.4.1.66, RAX15 before 1.0.2.82, RAX20 before 1.0.2.82, RAX200 before 1.0.3.106, RAX45 before 1.0.2.72, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, and RAX80 before 1.0.3.106. |
|
19 |
CVE-2021-45667 |
79 |
|
XSS |
2021-12-26 |
2022-01-06 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.48, EAX80 before 1.0.1.64, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, R7960P before 1.4.1.66, RAX200 before 1.0.3.106, RBS40V before 2.6.1.4, RBW30 before 2.6.1.4, EX3700 before 1.0.0.90, MR60 before 1.0.6.110, R8000P before 1.4.1.66, RAX20 before 1.0.2.82, RAX45 before 1.0.2.72, RAX80 before 1.0.3.106, EX3800 before 1.0.0.90, MS60 before 1.0.6.110, R7900P before 1.4.1.66, RAX15 before 1.0.2.82, RAX50 before 1.0.2.72, RAX75 before 1.0.3.106, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6. |
|
20 |
CVE-2021-45666 |
79 |
|
XSS |
2021-12-26 |
2022-01-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Certain NETGEAR devices are affected by stored XSS. This affects CBR40 before 2.5.0.10, EAX80 before 1.0.1.64, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4. |
|
21 |
CVE-2021-45665 |
79 |
|
XSS |
2021-12-26 |
2022-01-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Certain NETGEAR devices are affected by stored XSS. This affects EAX20 before 1.0.0.36, EAX80 before 1.0.1.62, EX3700 before 1.0.0.90, EX3800 before 1.0.0.90, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7500 before 1.0.0.72, RBW30 before 2.6.1.4, RBK752 before 3.2.16.6, RBR750 before 3.2.16.6, RBS750 before 3.2.16.6, RBK852 before 3.2.16.6, RBR850 before 3.2.16.6, RBS850 before 3.2.16.6, and RBS40V before 2.6.1.4. |
|
22 |
CVE-2021-45664 |
79 |
|
XSS |
2021-12-26 |
2022-01-05 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. |
|
23 |
CVE-2021-45663 |
79 |
|
XSS |
2021-12-26 |
2022-01-04 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
NETGEAR R7000 devices before 1.0.11.126 are affected by stored XSS. |
|
24 |
CVE-2021-45662 |
79 |
|
XSS |
2021-12-26 |
2022-01-03 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
NETGEAR R7000 devices before 1.0.9.88 are affected by stored XSS. |
|
25 |
CVE-2021-45639 |
79 |
|
XSS |
2021-12-26 |
2022-01-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Certain NETGEAR devices are affected by reflected XSS. This affects CBR40 before 2.5.0.10, EAX20 before 1.0.0.32, EAX80 before 1.0.1.62, EX6120 before 1.0.0.64, EX6130 before 1.0.0.44, EX7000 before 1.0.1.104, EX7500 before 1.0.0.72, R7000 before 1.0.11.110, R7900 before 1.0.4.30, R7960P before 1.4.1.66, R8000 before 1.0.4.62, RAX200 before 1.0.2.102, XR300 before 1.0.3.50, EX3700 before 1.0.0.90, MR60 before 1.0.5.102, R7000P before 1.3.2.126, R8000P before 1.4.1.66, RAX20 before 1.0.1.64, RAX50 before 1.0.2.28, RAX80 before 1.0.3.102, EX3800 before 1.0.0.90, MS60 before 1.0.5.102, R6900P before 1.3.2.126, R7900P before 1.4.1.66, RAX15 before 1.0.1.64, RAX45 before 1.0.2.28, RAX75 before 1.0.3.102, RBR750 before 3.2.16.6, RBR850 before 3.2.16.6, RBS750 before 3.2.16.6, RBS850 before 3.2.16.6, RBK752 before 3.2.16.6, and RBK852 before 3.2.16.6. |
|
26 |
CVE-2021-45474 |
79 |
|
XSS |
2021-12-24 |
2022-02-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. |
|
27 |
CVE-2021-45473 |
79 |
|
XSS |
2021-12-24 |
2022-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar). |
|
28 |
CVE-2021-45472 |
79 |
|
XSS |
2021-12-24 |
2022-02-07 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used. |
|
29 |
CVE-2021-45425 |
79 |
|
Exec Code XSS |
2021-12-28 |
2022-01-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes. |
|
30 |
CVE-2021-45088 |
79 |
|
XSS |
2021-12-16 |
2022-08-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. |
|
31 |
CVE-2021-45087 |
79 |
|
XSS |
2021-12-16 |
2022-08-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title. |
|
32 |
CVE-2021-45086 |
79 |
|
XSS |
2021-12-16 |
2022-01-21 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. |
|
33 |
CVE-2021-45085 |
79 |
|
XSS |
2021-12-16 |
2022-08-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list. |
|
34 |
CVE-2021-45018 |
79 |
|
XSS |
2021-12-15 |
2021-12-20 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 via a Google search in url:/catfishcms/index.php/admin/Index/addmenu.htmland then the .html file on the website that uses this editor (the file suffix is allowed). |
|
35 |
CVE-2021-44916 |
79 |
|
Exec Code XSS |
2021-12-20 |
2022-02-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser. |
|
36 |
CVE-2021-44726 |
79 |
|
XSS |
2021-12-08 |
2021-12-08 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
KNIME Server before 4.13.4 allows XSS via the old WebPortal login page. |
|
37 |
CVE-2021-44598 |
79 |
|
XSS |
2021-12-26 |
2022-01-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Attendance Management System 1.0 is affected by a Cross Site Scripting (XSS) vulnerability. The value of the FirstRecord request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The attacker can access the system, by using the XSS-reflected method, and then can store information by injecting the admin account on this system. |
|
38 |
CVE-2021-44544 |
79 |
|
XSS |
2021-12-22 |
2021-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
DIAEnergie Version 1.7.5 and prior is vulnerable to multiple cross-site scripting vulnerabilities when arbitrary code is injected into the parameter “name” of the script “HandlerEnergyType.ashx”. |
|
39 |
CVE-2021-44543 |
79 |
|
XSS |
2021-12-23 |
2021-12-29 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
An XSS vulnerability was found in Privoxy which was fixed in cgi_error_no_template() by encode the template name when Privoxy is configured to servce the user-manual itself. |
|
40 |
CVE-2021-44471 |
79 |
|
XSS |
2021-12-22 |
2021-12-28 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script “DIAE_HandlerAlarmGroup.ashx”. |
|
41 |
CVE-2021-44317 |
79 |
|
XSS |
2021-12-16 |
2021-12-22 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
In Bus Pass Management System v1.0, parameters 'pagedes' and `About Us` are affected with a Stored Cross-site scripting vulnerability. |
|
42 |
CVE-2021-44279 |
79 |
|
XSS |
2021-12-01 |
2021-12-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/forms/poller-groups.inc.php. |
|
43 |
CVE-2021-44277 |
79 |
|
XSS |
2021-12-01 |
2021-12-03 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Librenms 21.11.0 is affected by a Cross Site Scripting (XSS) vulnerability in includes/html/common/alert-log.inc.php. |
|
44 |
CVE-2021-44263 |
79 |
|
XSS |
2021-12-20 |
2022-07-28 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Gurock TestRail before 7.2.4 mishandles HTML escaping. |
|
45 |
CVE-2021-44203 |
79 |
|
XSS |
2021-11-29 |
2021-11-30 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Stored cross-site scripting (XSS) was possible in protection plan details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 |
|
46 |
CVE-2021-44202 |
79 |
|
XSS |
2021-11-29 |
2021-11-30 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Stored cross-site scripting (XSS) was possible in activity details. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 |
|
47 |
CVE-2021-44201 |
79 |
|
XSS |
2021-11-29 |
2021-11-30 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 |
|
48 |
CVE-2021-44200 |
79 |
|
XSS |
2021-11-29 |
2021-11-30 |
3.5 |
None |
Remote |
Medium |
??? |
None |
Partial |
None |
|
Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 |
|
49 |
CVE-2021-44163 |
79 |
|
XSS |
2021-12-20 |
2021-12-27 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication. |
|
50 |
CVE-2021-44148 |
79 |
|
XSS |
2021-12-07 |
2021-12-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name. |
|
|
