CVE-2021-25680
The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at min
CVSS
6.1
Medio
EPSS
2.4%
p82
KEV
—
Exploit Today
25
0-100
Publicado: 20 abr 2021 · Última mod.: 9 jul 2026 · CWE-79
2.4%EPSS · 30 días3.4%
2026-06-302026-07-16
The AdTran Personal Phone Manager software is vulnerable to multiple reflected cross-site scripting (XSS) issues. These issues impact at minimum versions 10.8.1 and below but potentially impact later versions as well since they have not previously been disclosed. Only version 10.8.1 was able to be confirmed during primary research. NOTE: The affected appliances NetVanta 7060 and NetVanta 7100 are considered End of Life and as such this issue will not be patched.
- packetstormsecurity.comhttp://packetstormsecurity.com/files/162269/Adtran-Personal-Phone-Manager-10.8.1-Cross-Site-Scripting.html
- github.comhttps://github.com/3ndG4me/AdTran-Personal-Phone-Manager-Vulns/blob/main/CVE-2021-25680.md
- packetstormsecurity.comhttp://packetstormsecurity.com/files/162269/Adtran-Personal-Phone-Manager-10.8.1-Cross-Site-Scripting.html
- github.comhttps://github.com/3ndG4me/AdTran-Personal-Phone-Manager-Vulns/blob/main/CVE-2021-25680.md
CVECVSSEPSSKEVRExplotTítuloVis.
CVE-2021-252996.1 MED99.9%
——30Nagios XI version xi-5.7.5 is affected by cross-site scripting (XSS). The vulnerability exists in the file /usr/local/nagiosxi/html/admin/sshterm.php due to improper sanitization of user-controlled input. A maliciously crafted URL, when clicked by an admin user, can be used to steal his/her session cookies or it can be chained with the previous bugs to get one-click remote command execution (RCE) on the Nagios XI server.8dCVE-2021-364506.1 MED99.2%
——30Verint Workforce Optimization (WFO) 15.2.8.10048 allows XSS via the control/my_notifications NEWUINAV parameter.8dCVE-2023-414256.1 MED98.9%
——30Cross Site Scripting vulnerability in Wonder CMS v.3.2.0 thru v.3.4.2 allows a remote attacker to execute arbitrary code via a crafted script uploaded to the installModule component.8dCVE-2022-330986.1 MED98.8%
——30Magnolia CMS v6.2.19 was discovered to contain a cross-site scripting (XSS) vulnerability via the Edit Contact function. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted SVG document, with JavaScript, for a profile picture.8dCVE-2025-441489.8 CRÍ98.8%
——30Cross Site Scripting (XSS) vulnerability in MailEnable before v10 allows a remote attacker to execute arbitrary code via the failure.aspx component12dCVE-2022-365335.4 MED98.5%
——30Super Flexible Software GmbH & Co. KG Syncovery 9 for Linux v9.47x and below was discovered to contain a cross-site scripting (XSS) vulnerability.8d