Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38966 | 1 Ibm | 2 Cloud Pak For Automation, Workflow Process Service | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cloud Pak for Automation 21.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212357.
|
|||||
| CVE-2021-38961 | 1 Ibm | 6 Power System Ac922 \(8335-gtc\), Power System Ac922 \(8335-gtc\) Firmware, Power System Ac922 \(8335-gtg\) and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM OPENBMC OP910 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 212049.
|
|||||
| CVE-2021-38952 | 1 Ibm | 1 Infosphere Information Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211408.
|
|||||
| CVE-2021-38946 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 211240.
|
|||||
| CVE-2021-38944 | 1 Ibm | 1 Datapower Gateway | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM DataPower Gateway 10.0.2.0 through 1.0.3.0, 10.0.1.0 through 10.0.1.5, and 2018.4.1.0 through 2018.4.1.18 is vulnerable to HTTP header injection, caused by improper validation of input by the HOST headers. This could allow an attacker to conduct various attacks against the vulnerable system, including cross-site scripting, cache poisoning or session hijacking. IBM X-Force ID: 211236.
|
|||||
| CVE-2021-38934 | 1 Ibm | 2 Engineering Test Management, Rational Quality Manager | 2024-11-21 | N/A | 5.4 MEDIUM |
|
IBM Engineering Test Management 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210671.
|
|||||
| CVE-2021-38927 | 3 Ibm, Linux, Microsoft | 3 Aspera Console, Linux Kernel, Windows | 2024-11-21 | N/A | 7.2 HIGH |
|
IBM Aspera Console 3.4.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 210322.
|
|||||
| CVE-2021-38909 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cognos Analytics 11.1.7 and 11.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209706.
|
|||||
| CVE-2021-38903 | 2 Ibm, Netapp | 2 Cognos Analytics, Oncommand Insight | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Cognos Analytics 11.1.7, 11.2.0, and 11.1.7 is vulnerable to cross-site scripting, caused by improper validation of user-supplied input. A remote attacker could exploit this vulnerability to inject malicious script into a Web page which would be executed in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. IBM X-Force ID: 209691.
|
|||||
| CVE-2021-38896 | 2 Ibm, Linux | 2 Qradar Advisor, Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM QRadar Advisor 2.5 through 2.6.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209566.
|
|||||
| CVE-2021-38895 | 1 Ibm | 1 Security Verify Access | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Security Verify 10.0.0, 10.0.1.0, and 10.0.2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209563.
|
|||||
| CVE-2021-38893 | 1 Ibm | 3 Business Automation Workflow, Business Process Manager, Workflow Process Service | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Business Process Manager 8.5 and 8.6 and IBM Business Automation Workflow 18.0, 19.0, 20.0 and 21.0 are vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209512.
|
|||||
| CVE-2021-38883 | 1 Ibm | 2 Business Automation Workflow, Business Process Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Business Automation Workflow 18.0, 19.0, 20,0 and 21.0 and IBM Business Process Manager 8.5 and 8.6 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 209165.
|
|||||
| CVE-2021-38877 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208405.
|
|||||
| CVE-2021-38876 | 1 Ibm | 1 I | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
IBM i 7.2, 7.3, and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208404.
|
|||||
| CVE-2021-38871 | 3 Ibm, Linux, Microsoft | 3 Jazz Team Server, Linux Kernel, Windows | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208345.
|
|||||
| CVE-2021-38870 | 1 Ibm | 1 Aspera On Cloud | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208343.
|
|||||
| CVE-2021-38822 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A Stored Cross Site Scripting vulnerability via Malicious File Upload exists in multiple pages of IceHrm 30.0.0.OS that allows for arbitrary execution of JavaScript commands.
|
|||||
| CVE-2021-38757 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through contact.php.
|
|||||
| CVE-2021-38756 | 1 Hospital Management System Project | 1 Hospital Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Persistent cross-site scripting (XSS) in Hospital Management System targeted towards web admin through prescribe.php.
|
|||||
| CVE-2021-38752 | 1 Online Catering Reservation System Project | 1 Online Catering Reservation System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability in Online Catering Reservation System using PHP on Sourcecodester allows an attacker to arbitrarily inject code in the search bar.
|
|||||
| CVE-2021-38713 | 1 Imgurl Project | 1 Imgurl | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header.
|
|||||
| CVE-2021-38710 | 1 Yclas | 1 Yclas | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Static (Persistent) XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. An attacker can store XSS in the database through the vulnerable SITE_NAME parameter.
|
|||||
| CVE-2021-38709 | 1 Compo | 1 Composr Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system for XSS.
|
|||||
| CVE-2021-38708 | 1 Compo | 1 Composr Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode for XSS.
|
|||||
| CVE-2021-38707 | 1 Cliniccases | 1 Cliniccases | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Persistent cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow low-privileged attackers to introduce arbitrary JavaScript to account parameters. The XSS payloads will execute in the browser of any user who views the relevant content. This can result in account takeover via session token theft.
|
|||||
| CVE-2021-38704 | 1 Cliniccases | 1 Cliniccases | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Multiple reflected cross-site scripting (XSS) vulnerabilities in ClinicCases 7.3.3 allow unauthenticated attackers to introduce arbitrary JavaScript by crafting a malicious URL. This can result in account takeover via session token theft.
|
|||||
| CVE-2021-38702 | 1 Cyberoamworks | 2 Netgenie C0101b1-20141120-ng11vo, Netgenie C0101b1-20141120-ng11vo Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=[XSS] attacks.
|
|||||
| CVE-2021-38701 | 1 Motorola | 20 T008, T008 Firmware, T100 and 17 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Certain Motorola Solutions Avigilon devices allow XSS in the administrative UI. This affects T200/201 before 4.10.0.68; T290 before 4.4.0.80; T008 before 2.2.0.86; T205 before 4.12.0.62; T204 before 3.28.0.166; and T100, T101, T102, and T103 before 2.6.0.180.
|
|||||
| CVE-2021-38699 | 1 Tastyigniter | 1 Tastyigniter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
TastyIgniter 3.0.7 allows XSS via /account, /reservation, /admin/dashboard, and /admin/system_logs.
|
|||||
| CVE-2021-38695 | 1 Softvibe | 1 Saraban | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
SoftVibe SARABAN for INFOMA 1.1 is vulnerable to stored cross-site scripting (XSS) that allows users to store scripts in certain fields (e.g. subject, description) of the document form.
|
|||||
| CVE-2021-38681 | 1 Qnap | 2 Nas, Ragic Cloud Db | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic.
|
|||||
| CVE-2021-38680 | 1 Qnap | 1 Kazoo Server | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Kazoo Server. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Kazoo Server: Kazoo Server 4.11.20 and later
|
|||||
| CVE-2021-38677 | 1 Qnap | 1 Qcalagent | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
|
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QcalAgent. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QcalAgent: QcalAgent 1.1.7 and later
|
|||||
| CVE-2021-38675 | 1 Qnap | 2 Image2pdf, Nas | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of Image2PDF: Image2PDF 2.1.5 ( 2021/08/17 ) and later
|
|||||
| CVE-2021-38674 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 4.3 MEDIUM | 4.2 MEDIUM |
|
A cross-site scripting (XSS) vulnerability has been reported to affect QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QuTS hero h4.5.4.1771 build 20210825 and later QTS 4.5.4.1787 build 20210910 and later QuTScloud c4.5.7.1864 and later
|
|||||
| CVE-2021-38619 | 1 Openbaraza | 1 Openbaraza Human Capital Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
openBaraza HCM 3.1.6 does not properly neutralize user-controllable input: an unauthenticated remote attacker can conduct a stored cross-site scripting (XSS) attack against an administrative user from hr/subscription.jsp and hr/application.jsp and and hr/index.jsp (with view=).
|
|||||
| CVE-2021-38607 | 1 Crocoblock | 1 Jetengine | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Crocoblock JetEngine before 2.6.1 allows XSS by remote authenticated users via a custom form input.
|
|||||
| CVE-2021-38603 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
PluXML 5.8.7 allows core/admin/profil.php stored XSS via the Information field.
|
|||||
| CVE-2021-38602 | 1 Pluxml | 1 Pluxml | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
PluXML 5.8.7 allows Article Editing stored XSS via Headline or Content.
|
|||||