Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3333 | 1 Opmantek | 1 Open-audit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Opmantek Open-AudIT 4.0.1 is affected by cross-site scripting (XSS). When outputting SQL statements for debugging, a maliciously crafted query can trigger an XSS attack. This attack only succeeds if the user is already logged in to Open-AudIT before they click the malicious link.
|
|||||
| CVE-2021-3327 | 1 Ovation | 1 Dynamic Content | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Ovation Dynamic Content 1.10.1 for Elementor allows XSS via the post_title parameter.
|
|||||
| CVE-2021-3318 | 1 Dzzoffice | 1 Dzzoffice | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
attach/ajax.php in DzzOffice through 2.02.1 allows XSS via the editorid parameter.
|
|||||
| CVE-2021-3315 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible.
|
|||||
| CVE-2021-3314 | 1 Oracle | 1 Glassfish Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. A malicious user can cause an administrator user to supply dangerous content to the vulnerable page, which is then reflected back to the user and executed by the web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. NOTE: This vulnerability only affects products that are no longer supported by th ...
|
|||||
| CVE-2021-3313 | 1 Plone | 1 Plone | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Plone CMS until version 5.2.4 has a stored Cross-Site Scripting (XSS) vulnerability in the user fullname property and the file upload functionality. The user's input data is not properly encoded when being echoed back to the user. This data can be interpreted as executable code by the browser and allows an attacker to execute JavaScript in the context of the victim's browser if the victim opens a vulnerable page containing an XSS payload.
|
|||||
| CVE-2021-3298 | 1 O-dyn | 1 Collabtive | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.
|
|||||
| CVE-2021-3294 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
CASAP Automated Enrollment System 1.0 is affected by cross-site scripting (XSS) in users.php. An attacker can steal a cookie to perform user redirection to a malicious website.
|
|||||
| CVE-2021-3279 | 1 Fortics | 1 Szchat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
sz.chat version 4 allows injection of web scripts and HTML in the message box.
|
|||||
| CVE-2021-3275 | 1 Tp-link | 10 Archer-c3150, Archer-c3150 Firmware, Td-w9977 and 7 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Unauthenticated stored cross-site scripting (XSS) exists in multiple TP-Link products including WIFI Routers (Wireless AC routers), Access Points, ADSL + DSL Gateways and Routers, which affects TD-W9977v1, TL-WA801NDv5, TL-WA801Nv6, TL-WA802Nv5, and Archer C3150v2 devices through the improper validation of the hostname. Some of the pages including dhcp.htm, networkMap.htm, dhcpClient.htm, qsEdit.htm, and qsReview.htm and use this vulnerable hostname function (setDefaultHostname()) without saniti ...
|
|||||
| CVE-2021-3271 | 1 Pressbooks | 1 Pressbooks | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
PressBooks 5.17.3 contains a cross-site scripting (XSS) vulnerability. Stored XSS can be submitted via the Book Info's Long Description Body, and all actions to open or preview the books page will result in triggering the stored XSS.
|
|||||
| CVE-2021-3258 | 1 Qa-themes | 1 Q2a Ultimate Seo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Question2Answer Q2A Ultimate SEO Version 1.3 is affected by cross-site scripting (XSS), which may lead to arbitrary remote code execution.
|
|||||
| CVE-2021-3243 | 1 Wfiltericf | 1 Wfilter Internet Content Filter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Wfilter ICF 5.0.117 contains a cross-site scripting (XSS) vulnerability. An attacker in the same LAN can craft a packet with a malicious User-Agent header to inject a payload in its logs, where an attacker can take over the system through its plugin-running function.
|
|||||
| CVE-2021-3224 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter.
|
|||||
| CVE-2021-3210 | 1 Bloodhound Project | 1 Bloodhound | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL |
|
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter.
|
|||||
| CVE-2021-3184 | 1 Misp | 1 Misp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button.
|
|||||
| CVE-2021-3163 | 1 Slab | 1 Quill | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. Note: Researchers have claimed that this issue is not within the product itself, but is intended behavior in a web browser.
|
|||||
| CVE-2021-3159 | 1 Landray | 1 Landray Ekp | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file.
|
|||||
| CVE-2021-3151 | 1 I-doit | 1 I-doit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__MONITORING__CONFIG__ADDRESS, or SM2__C__MONITORING__CONFIG__ADDRESS.
|
|||||
| CVE-2021-3150 | 1 Cryptshare | 1 Cryptshare Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. The issue is fixed with the version 4.8.1
|
|||||
| CVE-2021-3137 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section.
|
|||||
| CVE-2021-3135 | 1 Tagdiv | 1 Newspaper | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call.
|
|||||
| CVE-2021-3124 | 1 Newtarget | 1 Custom Global Variables | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field.
|
|||||
| CVE-2021-3111 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI.
|
|||||
| CVE-2021-3052 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 3.5 LOW | 8.0 HIGH |
|
A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Network PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.20; PAN-OS 9.0 versions earlier than 9.0.14; PAN-OS 9.1 versions earlier than 9.1.10; PAN-OS 10.0 ve ...
|
|||||
| CVE-2021-3043 | 1 Paloaltonetworks | 1 Prisma Cloud | 2024-11-21 | 3.5 LOW | 7.5 HIGH |
|
A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances. This issue impacts: Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.1 ...
|
|||||
| CVE-2021-3026 | 1 Invisioncommunity | 1 Ips Community Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment.
|
|||||
| CVE-2021-3014 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.
|
|||||
| CVE-2021-3012 | 1 Esri | 1 Arcgis Enterprise | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab).
|
|||||
| CVE-2021-3010 | 1 Opentext | 1 Content Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized.
|
|||||
| CVE-2021-3002 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.
|
|||||
| CVE-2021-39946 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 8.7 HIGH |
|
Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis
|
|||||
| CVE-2021-39910 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 2.6 LOW |
|
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature.
|
|||||
| CVE-2021-39906 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 8.7 HIGH |
|
Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf.
|
|||||
| CVE-2021-39887 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 7.3 HIGH |
|
A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf.
|
|||||
| CVE-2021-39885 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 8.7 HIGH |
|
A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names
|
|||||
| CVE-2021-39878 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.8 MEDIUM |
|
A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary JavaScript code.
|
|||||
| CVE-2021-39609 | 1 Flatcore | 1 Flatcore-cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability exists in FlatCore-CMS 2.0.7 via the upload image function.
|
|||||
| CVE-2021-39599 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple Cross Site Scripting (XSS) vulnerabilities exist in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.
|
|||||
| CVE-2021-39499 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.
|
|||||