Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4263 | 1 Leanote | 1 Leanote | 2024-11-21 | 4.0 MEDIUM | 3.5 LOW |
|
A vulnerability, which was classified as problematic, has been found in leanote 2.6.1. This issue affects the function define of the file public/js/plugins/history.js. The manipulation of the argument content leads to cross site scripting. The attack may be initiated remotely. The identifier of the patch is 0f9733c890077942150696dcc6d2b1482b7a0a19. It is recommended to apply a patch to fix this issue. The identifier VDB-216461 was assigned to this vulnerability.
|
|||||
| CVE-2021-4257 | 1 Ctrlo | 1 Lenio | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in ctrlo lenio. It has been declared as problematic. This vulnerability affects unknown code of the file views/task.tt of the component Task Handler. The manipulation of the argument site.org.name/check.name/task.tasktype.name/task.name leads to cross site scripting. The attack can be initiated remotely. The name of the patch is 698c5fa465169d6f23c6a41ca4b1fc9a7869013a. It is recommended to apply a patch to fix this issue. VDB-216214 is the identifier assigned to this v ...
Show More |
|||||
| CVE-2021-4256 | 1 Ctrlo | 1 Lenio | 2024-11-21 | N/A | 3.5 LOW |
|
A vulnerability was found in ctrlo lenio. It has been classified as problematic. This affects an unknown part of the file views/index.tt. The manipulation of the argument task.name/task.site.org.name leads to cross site scripting. It is possible to initiate the attack remotely. The name of the patch is e1646d5cd0a2fbab9eb505196dd2ca1c9e4cdd97. It is recommended to apply a patch to fix this issue. The identifier VDB-216213 was assigned to this vulnerability.
|
|||||
| CVE-2021-4244 | 1 Yikesplugins | 1 Easy Forms For Mailchimp | 2024-11-21 | N/A | 2.6 LOW |
|
A vulnerability classified as problematic has been found in yikes-inc-easy-mailchimp-extender Plugin up to 6.8.5. This affects an unknown part of the file admin/partials/ajax/add_field_to_form.php. The manipulation of the argument field_name/merge_tag/field_type/list_id leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 6.8.6 is able to address this issue. The name of the patch is 3662c6593aa1bb4286781214891d26de2e947695. It is recommended to upgr ...
Show More |
|||||
| CVE-2021-4232 | 1 Phpgurukul | 1 Zoo Management System | 2024-11-21 | 4.3 MEDIUM | 3.5 LOW |
|
A vulnerability classified as problematic has been found in Zoo Management System 1.0. Affected is an unknown function of the file admin/manage-ticket.php. The manipulation with the input <script>alert(1)</script> leads to cross site scripting. It is possible to launch the attack remotely.
|
|||||
| CVE-2021-4222 | 1 Maxfoundry | 1 Wp-paginate | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The WP-Paginate WordPress plugin before 2.1.4 does not sanitise and escape its preset settings, allowing high privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html is disallowed
|
|||||
| CVE-2021-4195 | 1 Firmanet | 1 Customer Relation Manager | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Firmanet Software and Technology Customer Relation Manager allows XSS Targeting HTML Attributes.This issue affects Customer Relation Manager: before 2022.03.13.
|
|||||
| CVE-2021-4179 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-4176 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-4175 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-4172 | 1 Showdoc | 1 Showdoc | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository star7th/showdoc prior to 2.10.2.
|
|||||
| CVE-2021-4170 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
calibre-web is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-4169 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-4143 | 1 Bigbluebutton | 1 Bigbluebutton | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton prior to 2.4.0.
|
|||||
| CVE-2021-4139 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
|
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-4132 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-4124 | 1 Meetecho | 1 Janus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-4121 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-4116 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-4108 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-4107 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-4103 | 1 B3log | 1 Vditor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34.
|
|||||
| CVE-2021-4084 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-4081 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-4074 | 1 I-plugins | 1 Whmcs Bridge | 2024-11-21 | 3.5 LOW | 6.4 MEDIUM |
|
The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the cc_whmcs_bridge_url parameter found in the ~/whmcs-bridge/bridge_cp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the cc_whmcs_bridge_add_admin function, low-level authenticated users such as subscribers can exploit this vulnerability.
|
|||||
| CVE-2021-4072 | 1 Elgg | 1 Elgg | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-4050 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-4046 | 1 Tcman | 1 Gim | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data.
|
|||||
| CVE-2021-4038 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios.
|
|||||
| CVE-2021-4035 | 1 Wocu-monitoring | 1 Wocu Monitoring | 2024-11-21 | 3.5 LOW | 3.5 LOW |
|
A stored cross site scripting have been identified at the comments in the report creation due to an obsolote version of tinymce editor. In order to exploit this vulnerability, the attackers needs an account with enough privileges to view and edit reports.
|
|||||
| CVE-2021-4020 | 1 Meetecho | 1 Janus | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-4018 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-46889 | 1 10web | 1 Photo Gallery | 2024-11-21 | N/A | 6.1 MEDIUM |
|
The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693.
|
|||||
| CVE-2021-46888 | 1 Hledger | 1 Hledger | 2024-11-21 | N/A | 5.4 MEDIUM |
|
An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function.
|
|||||
| CVE-2021-46827 | 1 Sync | 5 Oxygen Publishing Engine, Oxygen Xml Author, Oxygen Xml Developer and 2 more | 2024-11-21 | N/A | 6.1 MEDIUM |
|
An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field.
|
|||||
| CVE-2021-46824 | 1 School File Management System Project | 1 School File Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php.
|
|||||
| CVE-2021-46782 | 1 Supsystic | 1 Price Table | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting
|
|||||
| CVE-2021-46781 | 1 Subsystic | 1 Coming Soon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting
|
|||||
| CVE-2021-46780 | 1 Supsystic | 1 Easy Google Maps | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting
|
|||||
| CVE-2021-46709 | 1 Phpliteadmin | 1 Phpliteadmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
phpLiteAdmin through 1.9.8.2 allows XSS via the index.php newRows parameter (aka num or number).
|
|||||