Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43265 | 1 Mahara | 1 Mahara | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element.
|
|||||
| CVE-2021-43198 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
|
|||||
| CVE-2021-43197 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
|
|||||
| CVE-2021-43186 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.
|
|||||
| CVE-2021-43184 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.
|
|||||
| CVE-2021-43181 | 1 Jetbrains | 1 Hub | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In JetBrains Hub before 2021.1.13690, stored XSS is possible.
|
|||||
| CVE-2021-43154 | 1 Cmsmadesimple | 1 Cms Made Simple | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.
|
|||||
| CVE-2021-43137 | 1 Phpgurukul | 1 Hostel Management System | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.
|
|||||
| CVE-2021-43081 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.
|
|||||
| CVE-2021-43080 | 1 Fortinet | 1 Fortios | 2024-11-21 | N/A | 4.6 MEDIUM |
|
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors.
|
|||||
| CVE-2021-43063 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the login webpage.
|
|||||
| CVE-2021-43062 | 1 Fortinet | 1 Fortimail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service.
|
|||||
| CVE-2021-43047 | 1 Tibco | 1 Partnerexpress | 2024-11-21 | 8.5 HIGH | 9.0 CRITICAL |
|
The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO S ...
Show More |
|||||
| CVE-2021-43032 | 1 Xenforo | 1 Xenforo | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
In XenForo through 2.2.7, a threat actor with access to the admin panel can create a new Advertisement via the Advertising function, and save an XSS payload in the body of the HTML document. This payload will execute globally on the client side.
|
|||||
| CVE-2021-43009 | 1 Opservices | 1 Opmon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability exists in OpServices OpMon through 9.11 via the search parameter in the request URL.
|
|||||
| CVE-2021-42970 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability exists in cxuucms v3 via the imgurl of /feedback/post/ content parameter.
|
|||||
| CVE-2021-42946 | 1 Htmly | 1 Htmly | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability exists in htmly.2.8.1 via the Copyright field in the /admin/config page.
|
|||||
| CVE-2021-42943 | 1 Ipplan Project | 1 Ipplan | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Stored cross-site scripting (XSS) in admin/usermanager.php over IPPlan v4.92b allows remote attackers to inject arbitrary web script or HTML via the userid parameter.
|
|||||
| CVE-2021-42940 | 1 Projeqtor | 1 Projeqtor | 2024-11-21 | 3.5 LOW | 9.9 CRITICAL |
|
A Cross Site Scripting (XSS) vulnerability exists in Projeqtor 9.3.1 via /projeqtor/tool/saveAttachment.php, which allows an attacker to upload a SVG file containing malicious JavaScript code.
|
|||||
| CVE-2021-42869 | 1 Chikitsa | 1 Patient Management Software | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 via the last_name parameter in the (1) patient/insert, (2) patient_report, (3) /appointment_report, (4) visit_report, and (5) /bill_detail_report pages.
|
|||||
| CVE-2021-42868 | 1 Chikitsa | 1 Patient Management Software | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability exists in Chikista Patient Management Software 2.0.2 in the first_name parameter in (1) patient/insert, (2) patient_report, (3) appointment_report, (4) visit_report, and (5) bill_detail_report pages. .
|
|||||
| CVE-2021-42867 | 1 Htmly | 1 Htmly | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability exists in DanPros htmly 2.8.1 via the Description field in (1) admin/config, and (2) index.php pages.
|
|||||
| CVE-2021-42866 | 1 Pixelimity | 1 Pixelimity | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A Cross Site Scripting vulnerabilty exists in Pixelimity 1.0 via the Site Description field in pixelimity/admin/setting.php
|
|||||
| CVE-2021-42856 | 1 Riverbed | 1 Steelcentral Appinternals Dynamic Sampling Agent | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
|
It was discovered that the /DsaDataTest endpoint is susceptible to Cross-site scripting (XSS) attack. It was noted that the Metric parameter does not have any input checks on the user input that allows an attacker to craft its own malicious payload to trigger a XSS vulnerability.
|
|||||
| CVE-2021-42841 | 1 Practo | 1 Insta Hms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Insta HMS before 12.4.10 is vulnerable to XSS because of improper validation of user-supplied input by multiple scripts. A remote attacker could exploit this vulnerability via a crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials.
|
|||||
| CVE-2021-42838 | 1 Vice | 1 Webopac | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Grand Vice info Co. webopac7 book search field parameter does not properly restrict the input of special characters, thus unauthenticated attackers can inject JavaScript syntax remotely, and further perform reflective XSS attacks.
|
|||||
| CVE-2021-42770 | 1 Opnsense | 1 Opnsense | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-site scripting (XSS) vulnerability was discovered in OPNsense before 21.7.4 via the LDAP attribute return in the authentication tester.
|
|||||
| CVE-2021-42752 | 1 Fortinet | 1 Fortiwlm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute malicious javascript code on victim's host via crafted HTTP requests
|
|||||
| CVE-2021-42751 | 1 Thingsboard | 1 Thingsboard | 2024-11-21 | N/A | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the description of a rule node.
|
|||||
| CVE-2021-42750 | 1 Thingsboard | 1 Thingsboard | 2024-11-21 | N/A | 4.8 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Rule Engine in ThingsBoard 3.3.1 allows remote attackers (with administrative access) to inject arbitrary JavaScript within the title of a rule node.
|
|||||
| CVE-2021-42703 | 1 Advantech | 1 Webaccess Hmi Designer | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
|
This vulnerability could allow an attacker to send malicious Javascript code resulting in hijacking of the user’s cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser action.
|
|||||
| CVE-2021-42664 | 1 Engineers Online Portal Project | 1 Engineers Online Portal | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Stored Cross Site Scripting (XSS) Vulneraibiilty exists in Sourcecodester Engineers Online Portal in PHP via the (1) Quiz title and (2) quiz description parameters to add_quiz.php. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.
|
|||||
| CVE-2021-42663 | 1 Online Event Booking And Reservation System Project | 1 Online Event Booking And Reservation System | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
|
An HTML injection vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the msg parameter to /event-management/index.php. An attacker can leverage this vulnerability in order to change the visibility of the website. Once the target user clicks on a given link he will display the content of the HTML code of the attacker's choice.
|
|||||
| CVE-2021-42662 | 1 Online Event Booking And Reservation System Project | 1 Online Event Booking And Reservation System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Event Booking and Reservation System in PHP/MySQL via the Holiday reason parameter. An attacker can leverage this vulnerability in order to run javascript commands on the web server surfers behalf, which can lead to cookie stealing and more.
|
|||||
| CVE-2021-42656 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2021-42650 | 1 Portainer | 1 Portainer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.
|
|||||
| CVE-2021-42648 | 1 Coder | 1 Code-server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0, allows attackers to execute arbitrary code via crafted URL.
|
|||||
| CVE-2021-42639 | 1 Printerlogic | 1 Web Stack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization.
|
|||||
| CVE-2021-42597 | 1 Storage Unit Rental Management System Project | 1 Storage Unit Rental Management System | 2024-11-21 | N/A | 5.4 MEDIUM |
|
A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10 , Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form.
|
|||||
| CVE-2021-42584 | 1 Convos | 1 Convos | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before 6.32.
|
|||||