Total: 42233 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-42050 | 1 Abantecart | 1 Abantecart | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS. |
| CVE-2021-42048 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 4.8 MEDIUM | An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits. |
| CVE-2021-42047 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 5.4 MEDIUM | An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can log in with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback. |
| CVE-2021-42046 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 6.1 MEDIUM | An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed users to inject HTML and JavaScript. |
| CVE-2021-42045 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 5.4 MEDIUM | An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote. |
| CVE-2021-42044 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messages ... |
| CVE-2021-42043 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed the injection and execution of HTML and JavaScript via the intitle: search operator within the query. |
| CVE-2021-42042 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed the injection and execution of HTML and JavaScript. |
| CVE-2021-42041 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed the injection and execution of HTML and JavaScript via the setchange log. |
| CVE-2021-41962 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Owner fullname parameter in a Send Service Request in vehicle_service. |
| CVE-2021-41952 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload of a *.SVG file. An attacker can send malicious files to victims and steal the victim's cookie, leading to account takeover. The person viewing the image of a contact can be a victim of the XSS. |
| CVE-2021-41951 | 1 Montala | 1 Resourcespace | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim's browser. |
| CVE-2021-41948 | 1 Intelliants | 1 Subrion | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 via "List of subjects". |
| CVE-2021-41946 | 1 Fiberhome | 2 Hg150-ub, Hg150-ub Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | In FiberHome VDSL2 Modem HG150-Ub_V3.0, there is a stored cross-site scripting (XSS) vulnerability in the Parental Control --> Access Time Restriction --> Username field; a user cannot delete the rule due to the XSS. |
| CVE-2021-41930 | 1 Online Covid Vaccination Scheduler System Project | 1 Online Covid Vaccination Scheduler System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23 allows attackers to execute arbitrary code via the lid parameter to /scheduler/addSchedule.php. |
| CVE-2021-41929 | 1 The Electric Billing Management System Project | 1 The Electric Billing Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross Site Scripting (XSS) in Sourcecodester The Electric Billing Management System 1.0 by oretnom23 allows attackers to execute arbitrary code via the about page. |
| CVE-2021-41924 | 1 Webkul | 1 Krayin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Webkul krayin crm before 1.2.2 is vulnerable to Cross Site Scripting (XSS). |
| CVE-2021-41918 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every endpoint on the application because it is related to how each URL is echoed back on every response page. |
| CVE-2021-41917 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data, and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. The affected endpoint is /clients/editclient.php, on the HTTP POST cn parameter. |
| CVE-2021-41878 | 1 Hkurl | 1 I-panel Administration System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected cross-site scripting (XSS) vulnerability exists in the i-Panel Administration System Version 2.0 that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console, and it is possible to insert a vulnerable malicious button. |
| CVE-2021-41871 | 1 Socomec | 2 Remote View Pro, Remote View Pro Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in Socomec REMOTE VIEW PRO 2.0.41.4. Improper validation of input into the username field makes it possible to place a stored XSS payload. This is executed if an administrator views the System Event Log. |
| CVE-2021-41866 | 1 Mybb | 1 Mybb | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | MyBB before 1.8.28 allows stored XSS because the displayed Template Name value in the Admin CP's theme management is not escaped properly. |
| CVE-2021-41836 | 1 Conva | 1 Fathom Analytics | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | The Fathom Analytics WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and escaping via the $site_id parameter found in the ~/fathom-analytics.php file, which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 3.0.4. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. |
| CVE-2021-41825 | 1 Verint | 1 Workforce Optimization | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM | Verint Workforce Optimization (WFO) 15.2.5.1033 allows HTML injection via the /wfo/control/signin username parameter. |
| CVE-2021-41798 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | MediaWiki before 1.36.2 allows XSS. Month related MediaWiki messages are not escaped before being used on the Special:Search results page. |
| CVE-2021-41791 | 1 Alfresco | 2 Community Share, Share | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in Hyland org.alfresco:share through 7.0.0.2 and org.alfresco:community-share through 7.0. An evasion of the XSS filter for HTML input validation in the Alfresco Share User Interface leads to stored XSS that could be exploited by an attacker (given that he has privileges on the content collaboration features). |
| CVE-2021-41750 | 1 Nystudio107 | 1 Seomatic | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in the SEOmatic plugin 3.4.10 for Craft CMS 3 allows remote attackers to inject arbitrary web script via a GET to /index.php?action=seomatic/file/seo-file-link with the url parameter containing the base64 encoded URL of a malicious web page / file and the fileName parameter containing an arbitrary filename whose extension selects the content-type to be rendered in the user's browser. |
| CVE-2021-41747 | 1 Csdn | 1 Csdn App | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-Site Scripting (XSS) vulnerability exists in Csdn APP 4.10.0, which can be exploited by attackers to obtain sensitive information such as user cookies. |
| CVE-2021-41731 | 1 News247 News Magazine (CMS) Project | 1 News247 News Magazine (CMS) | 2024-11-21 | N/A | 4.8 MEDIUM | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 News Magazine (CMS) (PHP 5.6 or higher and MySQL 5.7 or higher) via the blog category name field. |
| CVE-2021-41728 | 1 Sourcecodester | 1 News247 Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross Site Scripting (XSS) vulnerability exists in Sourcecodester News247 CMS 1.0 via the search function in articles. |
| CVE-2021-41697 | 1 Globaldatingsoftware | 1 Premiumdatingscript | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected Cross Site Scripting (XSS) vulnerability exists in Premiumdatingscript 4.2.7.7 via the aerror_description parameter in the assets/sources/instagram.php script. |
| CVE-2021-41663 | 1 1234n | 1 Minicms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability exists in Mini CMS V1.11. The vulnerability exists in the article upload: post-edit.php page. |
| CVE-2021-41658 | 1 Student Quarterly Grading System Project | 1 Student Quarterly Grading System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross Site Scripting (XSS) in Sourcecodester Student Quarterly Grading System by oretnom23 allows attackers to execute arbitrary code via the fullname and username parameters to the users page. |
| CVE-2021-41570 | 1 Veritas | 1 Netbackup | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Veritas NetBackup OpsCenter Analytics 9.1 allows XSS via the NetBackup Master Server Name, Display Name, NetBackup User Name, or NetBackup Password field during a Settings/Configuration Add operation. |
| CVE-2021-41567 | 1 Tad Uploader Project | 1 Tad Uploader | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The new add subject parameter of the Tad Uploader view book list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks. |
| CVE-2021-41565 | 1 Tadtools Project | 1 Tadtools | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The TadTools special page parameter does not properly restrict the input of specific characters, thus remote attackers can inject JavaScript syntax without logging in and further perform reflected XSS attacks. |
| CVE-2021-41563 | 1 Tad Book3 Project | 1 Tad Book3 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The Tad Book3 editing book function does not filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks. |
| CVE-2021-41557 | 1 Sofico | 1 Miles Rich Internet Application | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Sofico Miles RIA 2020.2 Build 127964T is affected by Stored Cross Site Scripting (XSS). An attacker with access to a user account of the RIA IT or the Fleet role can create a crafted work order in the damage reports section (or change existing work orders). The XSS payload is in the work order number. |
| CVE-2021-41555 | 1 Archibus | 1 Web Central | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In ARCHIBUS Web Central 21.3.3.815 (a version from 2014), XSS occurs in /archibus/dwr/call/plaincall/workflow.runWorkflowRule.dwr because the data received as input from clients is re-included within the HTTP response returned by the application without adequate validation. In this way, if HTML code or client-side executable code (e.g., Javascript) is entered as input, the expected execution flow could be altered. This is fixed in all recent versions, such as version 26. NOTE: This vulnerability ... |
| CVE-2021-41542 | 1 Siemens | 2 Climatix Pol909, Climatix Pol909 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage, and performing unintended browser actions. |