Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-40517 | 1 Airangel | 10 Hsmx-app-100, Hsmx-app-1000, Hsmx-app-1000 Firmware and 7 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored Cross Site Scripting. XSS Payload is placed in the name column of the updates table using database access.
|
|||||
| CVE-2021-40509 | 1 Jforum | 1 Jforum | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature.
|
|||||
| CVE-2021-40492 | 1 Gibbonedu | 1 Gibbon | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php).
|
|||||
| CVE-2021-40457 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
|
Microsoft Dynamics 365 Customer Engagement Cross-Site Scripting Vulnerability
|
|||||
| CVE-2021-40440 | 1 Microsoft | 1 Dynamics 365 Business Central | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
|
|||||
| CVE-2021-40377 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application.
|
|||||
| CVE-2021-40374 | 1 Apperta | 1 Openeye | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability was identified in Apperta Foundation OpenEyes 3.5.1. Updating a patient's details allows remote attackers to inject arbitrary web script or HTML via the Address1 parameter. This JavaScript then executes when the patient profile is loaded, which could be used in a XSS attack.
|
|||||
| CVE-2021-40369 | 1 Apache | 1 Jspwiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A carefully crafted plugin link invocation could trigger an XSS vulnerability on Apache JSPWiki, related to the Denounce plugin, which could allow the attacker to execute javascript in the victim's browser and get some sensitive information about the victim. Apache JSPWiki users should upgrade to 2.11.0 or later.
|
|||||
| CVE-2021-40337 | 1 Hitachi | 1 Linkone | 2024-11-21 | 3.5 LOW | 4.2 MEDIUM |
|
Cross-site Scripting (XSS) vulnerability in Hitachi Energy LinkOne allows an attacker that manages to exploit the vulnerability can take advantage to exploit multiple web attacks and stole sensitive information. This issue affects: Hitachi Energy LinkOne 3.20; 3.22; 3.23; 3.24; 3.25; 3.26.
|
|||||
| CVE-2021-40310 | 1 Os4ed | 1 Opensis | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter.
|
|||||
| CVE-2021-40292 | 1 Dzzoffice | 1 Dzzoffice | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.
|
|||||
| CVE-2021-40261 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester CASAP Automated Enrollment System 1.0 via the (1) user_username and (2) category parameters in save_class.php, the (3) firstname, (4) class, and (5) status parameters in student_table.php, the (6) category and (7) class_name parameters in add_class1.php, the (8) fname, (9) mname,(10) lname, (11) address, (12) class, (13) gfname, (14) gmname, (15) glname, (16) rship, (17) status, (18) transport, and (19) route parameters ...
Show More |
|||||
| CVE-2021-40260 | 1 Tailor Management System Project | 1 Tailor Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Cross Site Scripting (XSS) vulnerabilities exist in SourceCodester Tailor Management 1.0 via the (1) eid parameter in (a) partedit.php and (b) customeredit.php, the (2) id parameter in (a) editmeasurement.php and (b) addpayment.php, and the (3) error parameter in index.php.
|
|||||
| CVE-2021-40238 | 1 Webuzo | 1 Webuzo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the "Error Log" page. An attacker can leverage this to achieve Unauthenticated Remote Code Execution via the "Cron Jobs" functionality of Webuzo.
|
|||||
| CVE-2021-40223 | 1 Rittal | 2 Cmc Pu Iii 7030.000, Cmc Pu Iii 7030.000 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitize user input on several parameters of the configuration (User Configuration dialog, Task Configuration dialog and set logging filter dialog). This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts). The XSS payload will be triggered when the user accesses some specific sections of the application.
|
|||||
| CVE-2021-40214 | 1 Gibbonedu | 1 Gibbon | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component.
|
|||||
| CVE-2021-40191 | 1 Dzzoffice | 1 Dzzoffice | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.
|
|||||
| CVE-2021-40178 | 1 Zohocorp | 1 Manageengine Log360 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zoho ManageEngine Log360 before Build 5224 allows stored XSS via the LOGO_PATH key value in the logon settings.
|
|||||
| CVE-2021-40176 | 1 Zohocorp | 1 Manageengine Log360 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Zoho ManageEngine Log360 before Build 5225 allows stored XSS.
|
|||||
| CVE-2021-40131 | 1 Cisco | 1 Common Services Platform Collector | 2024-11-21 | 3.5 LOW | 5.5 MEDIUM |
|
A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by adding malicious code to the configuration by using the web-based management interface. ...
Show More |
|||||
| CVE-2021-40121 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 3.5 LOW | 6.1 MEDIUM |
|
Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.
|
|||||
| CVE-2021-40115 | 1 Cisco | 2 Collaboration Meeting Rooms, Webex Video Mesh | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sen ...
Show More |
|||||
| CVE-2021-40106 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field.
|
|||||
| CVE-2021-40105 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments.
|
|||||
| CVE-2021-40100 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.
|
|||||
| CVE-2021-40096 | 1 Squaredup | 1 Squaredup | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations.
|
|||||
| CVE-2021-40094 | 1 Squaredup | 1 Squaredup | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device.
|
|||||
| CVE-2021-40093 | 1 Squaredup | 1 Squaredup | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions.
|
|||||
| CVE-2021-40092 | 1 Squaredup | 1 Squaredup | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file.
|
|||||
| CVE-2021-40041 | 1 Huawei | 2 Ws318n-21, Ws318n-21 Firmware | 2024-11-21 | 1.9 LOW | 4.2 MEDIUM |
|
There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n product when processing network settings. Due to insufficient validation of user input, a local authenticated attacker could exploit this vulnerability by injecting special characters. Successful exploit could cause certain information disclosure. Affected product versions include: WS318n-21 10.0.2.2, 10.0.2.5 and 10.0.2.6.
|
|||||
| CVE-2021-3994 | 1 Django-helpdesk Project | 1 Django-helpdesk | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
|
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-3985 | 1 Kimai | 1 Kimai2 | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
|
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-3983 | 1 Kimai2 Project | 1 Kimai2 | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-3977 | 1 Invoiceninja | 1 Invoice Ninja | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-3961 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-3950 | 1 Django-helpdesk Project | 1 Django-helpdesk | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-3945 | 1 Django-helpdesk Project | 1 Django-helpdesk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-3938 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-3920 | 1 Getgrav | 1 Grav-plugin-admin | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
|
|||||
| CVE-2021-3914 | 1 Redhat | 3 Build Of Quarkus, Openshift Application Runtimes, Smallrye Health | 2024-11-21 | N/A | 6.1 MEDIUM |
|
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.
|
|||||