Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45416 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script.
|
|||||
| CVE-2021-45380 | 1 Appcms | 1 Appcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_head.php
|
|||||
| CVE-2021-45357 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php.
|
|||||
| CVE-2021-45329 | 1 Gitea | 1 Gitea | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.
|
|||||
| CVE-2021-45281 | 1 Quickbox | 1 Quickbox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user supplied input for the value of this parameter is not properly sanitized.
|
|||||
| CVE-2021-45229 | 1 Apache | 1 Airflow | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below.
|
|||||
| CVE-2021-45228 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user.
|
|||||
| CVE-2021-45227 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack.
|
|||||
| CVE-2021-45225 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links (affecting the search window and activity view window).
|
|||||
| CVE-2021-45224 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious URLs.
|
|||||
| CVE-2021-45094 | 1 Okta | 1 Imprivata Privileged Access Management | 2024-11-21 | N/A | 5.4 MEDIUM |
|
Imprivata Privileged Access Management (formally Xton Privileged Access Management) 2.3.202112051108 allows XSS.
|
|||||
| CVE-2021-45088 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page.
|
|||||
| CVE-2021-45087 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title.
|
|||||
| CVE-2021-45086 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js.
|
|||||
| CVE-2021-45085 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list.
|
|||||
| CVE-2021-45071 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names.
|
|||||
| CVE-2021-45026 | 1 Rocketsoftware | 1 Ags-zena | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS).
|
|||||
| CVE-2021-45018 | 1 Catfish-cms | 1 Catfish Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 via a Google search in url:/catfishcms/index.php/admin/Index/addmenu.htmland then the .html file on the website that uses this editor (the file suffix is allowed).
|
|||||
| CVE-2021-44970 | 1 1234n | 1 Minicms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php.
|
|||||
| CVE-2021-44969 | 1 Taogogo | 1 Taocms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component.
|
|||||
| CVE-2021-44916 | 1 Opmantek | 1 Open-audit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser.
|
|||||
| CVE-2021-44912 | 1 Xpressengine | 1 Xpressengine | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. If the .htaccess configuration is improper, for example before the XE 1.11.2 version, you can upload the PHP type file to GETSHELL.
|
|||||
| CVE-2021-44911 | 1 Xpressengine | 1 Xpressengine | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. When uploading the Mouse over button and When selected button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities.
|
|||||
| CVE-2021-44896 | 1 Dmproadmap Project | 1 Dmproadmap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
DMP Roadmap before 3.0.4 allows XSS.
|
|||||
| CVE-2021-44829 | 1 Afi-solutions | 1 Webacms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability exists in index.html in AFI WebACMS through 2.1.0 via the the ID parameter.
|
|||||
| CVE-2021-44791 | 1 Apache | 1 Druid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks.
|
|||||
| CVE-2021-44775 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.
|
|||||
| CVE-2021-44760 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager plugin <= 1.68.6 versions.
|
|||||
| CVE-2021-44749 | 1 F-secure | 1 Safe | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution.
|
|||||
| CVE-2021-44748 | 1 F-secure | 1 Safe | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
|
A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability.
|
|||||
| CVE-2021-44726 | 1 Knime | 1 Knime Server | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
|
KNIME Server before 4.13.4 allows XSS via the old WebPortal login page.
|
|||||
| CVE-2021-44667 | 1 Alibaba | 1 Nacos | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters.
|
|||||
| CVE-2021-44662 | 1 Nottingham.ac | 1 Xerte Online Toolkits | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte through 3.8.4 via the link parameter in print.php.
|
|||||
| CVE-2021-44649 | 1 Django-cms | 1 Django Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user.
|
|||||
| CVE-2021-44608 | 1 Bloofox | 1 Bloofoxcms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Multiple Cross Site Scripting (XSS) vulnerabilities exists in bloofoxCMS 0.5.2.1 - 0.5.1 via the (1) file parameter and (2) type parameter in an edit action in index.php.
|
|||||
| CVE-2021-44607 | 1 Thedaylightstudio | 1 Fuel Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability exists in FUEL-CMS 1.5.1 in the Assets page via an SVG file.
|
|||||
| CVE-2021-44598 | 1 Attendance Management System Project | 1 Attendance Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Attendance Management System 1.0 is affected by a Cross Site Scripting (XSS) vulnerability. The value of the FirstRecord request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The attacker can access the system, by using the XSS-reflected method, and then can store information by injecting the admin account on this system.
|
|||||
| CVE-2021-44585 | 1 Jeecg | 1 Jeecg Boot | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerabilitiy exits in jeecg-boot 3.0 in /jeecg-boot/jmreport/view with a mouseover event.
|
|||||
| CVE-2021-44584 | 1 Emlog | 1 Emlog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in index.php in emlog version <= pro-1.0.7 allows remote attackers to inject arbitrary web script or HTML via the s parameter.
|
|||||
| CVE-2021-44566 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability exists in RosarioSIS before 4.3 via the SanitizeMarkDown function in ProgramFunctions/MarkDownHTML.fnc.php.
|
|||||