CVE-2021-29106
A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser.
Source: CVE-2021-29106
CVE-2021-29107
A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application.
Source: CVE-2021-29107
CVE-2021-35358
A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Title’ and ‘Filename’ parameters.
Source: CVE-2021-35358
CVE-2021-35360
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.
Source: CVE-2021-35360
CVE-2020-25877
A stored cross site scripting (XSS) vulnerability in the ‘Add Page’ feature of BlackCat CMS 1.3.6 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Title’ parameter.
Source: CVE-2020-25877
CVE-2020-25875
A stored cross site scripting (XSS) vulnerability in the ‘Smileys’ feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the ‘Smiley Code’ parameter.
Source: CVE-2020-25875
CVE-2021-20024
Multiple Out-of-Bound read vulnerability in SonicWall Switch when handling LLDP Protocol allows an attacker to cause a system instability or potentially read sensitive information from the memory locations.
Source: CVE-2021-20024
CVE-2020-35987
A stored cross site scripting (XSS) vulnerability in the ‘Entities List’ feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Name’ parameter.
Source: CVE-2020-35987
CVE-2020-35986
A stored cross site scripting (XSS) vulnerability in the ‘Users Access Groups’ feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Name’ parameter.
Source: CVE-2020-35986
CVE-2020-35984
A stored cross site scripting (XSS) vulnerability in the ‘Users Alerts’ feature of Rukovoditel 2.7.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the ‘Title’ parameter.
Source: CVE-2020-35984