Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36092 | 1 Otrs | 1 Otrs | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions.
|
|||||
| CVE-2021-36063 | 1 Adobe | 1 Connect | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
|
Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2021-36062 | 1 Adobe | 1 Connect | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
|
Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
|
|||||
| CVE-2021-36027 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2021-36026 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
|
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
|
|||||
| CVE-2021-35976 | 1 Plesk | 1 Obsidian | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim's browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability.
|
|||||
| CVE-2021-35959 | 1 Plone | 1 Plone | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field.
|
|||||
| CVE-2021-35956 | 1 Akcp | 10 Sensorprobe2, Sensorprobe2 Firmware, Sensorprobe4 and 7 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields.
|
|||||
| CVE-2021-35955 | 1 Contao | 1 Contao | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7.
|
|||||
| CVE-2021-35513 | 1 Mermaid Project | 1 Mermaid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Mermaid before 8.11.0 allows XSS when the antiscript feature is used.
|
|||||
| CVE-2021-35506 | 1 Afian | 1 Filerun | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action.
|
|||||
| CVE-2021-35503 | 1 Afian | 1 Filerun | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs.
|
|||||
| CVE-2021-35501 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed.
|
|||||
| CVE-2021-35499 | 1 Tibco | 1 Nimbus | 2024-11-21 | 3.5 LOW | 8.0 HIGH |
|
The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.4. ...
Show More |
|||||
| CVE-2021-35493 | 1 Tibco | 3 Webfocus Client, Webfocus Installer, Webfocus Reporting Server | 2024-11-21 | 3.5 LOW | 9.0 CRITICAL |
|
The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.'s TIBCO WebFOCUS Client, TIBCO WebFOCUS Installer, and TIBCO WebFOCUS Reporting Server contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human inter ...
Show More |
|||||
| CVE-2021-35490 | 1 Thruk | 1 Thruk | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Thruk before 2.44 allows XSS for a quick command.
|
|||||
| CVE-2021-35489 | 1 Thruk | 1 Thruk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it.
|
|||||
| CVE-2021-35488 | 1 Thruk | 1 Thruk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it.
|
|||||
| CVE-2021-35479 | 1 Nagios | 1 Log Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page.
|
|||||
| CVE-2021-35478 | 1 Nagios | 1 Log Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page.
|
|||||
| CVE-2021-35475 | 1 Sas | 1 Environment Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties.
|
|||||
| CVE-2021-35463 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter.
|
|||||
| CVE-2021-35451 | 1 Teradici | 1 Pcoip Management Console | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application.
|
|||||
| CVE-2021-35440 | 1 Smashing Project | 1 Smashing | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment (e.g. if re-using internal URL's for deploying, or cookies that are very permissive) private information may be retrieved by the attacker.
|
|||||
| CVE-2021-35415 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields.
|
|||||
| CVE-2021-35377 | 1 Vicidial | 1 Vicidial | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters.
|
|||||
| CVE-2021-35361 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.
|
|||||
| CVE-2021-35360 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload.
|
|||||
| CVE-2021-35358 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters.
|
|||||
| CVE-2021-35323 | 1 Bludit | 1 Bludit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login.
|
|||||
| CVE-2021-35303 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute.
|
|||||
| CVE-2021-35298 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information.
|
|||||
| CVE-2021-35265 | 1 Maxsite | 1 Maxsite Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page.
|
|||||
| CVE-2021-35240 | 2 Microsoft, Solarwinds | 2 Internet Explorer, Orion Platform | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'.
|
|||||
| CVE-2021-35239 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 3.5 LOW | 7.5 HIGH |
|
A security researcher found a user with Orion map manage rights could store XSS through via text box hyperlink.
|
|||||
| CVE-2021-35238 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
User with Orion Platform Admin Rights could store XSS through URL POST parameter in CreateExternalWebsite website.
|
|||||
| CVE-2021-35229 | 1 Solarwinds | 2 Database Performance Analyzer, Database Performance Monitor | 2024-11-21 | 4.3 MEDIUM | 6.8 MEDIUM |
|
Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query
|
|||||
| CVE-2021-35228 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-11-21 | 2.6 LOW | 5.5 MEDIUM |
|
This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change header for a remote victim.
|
|||||
| CVE-2021-35227 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 4.6 MEDIUM | 4.7 MEDIUM |
|
The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available.
|
|||||
| CVE-2021-35222 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2024-11-21 | 4.3 MEDIUM | 8.0 HIGH |
|
This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page.
|
|||||