Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32244 | 1 Moodle | 1 Moodle | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field.
|
|||||
| CVE-2021-32233 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SmarterTools SmarterMail before Build 7776 allows XSS.
|
|||||
| CVE-2021-32202 | 1 Cs-cart | 1 Cs-cart | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" filed in the blog post creation page.
|
|||||
| CVE-2021-32161 | 1 Webmin | 1 Webmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature.
|
|||||
| CVE-2021-32160 | 1 Webmin | 1 Webmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature.
|
|||||
| CVE-2021-32158 | 1 Webmin | 1 Webmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature.
|
|||||
| CVE-2021-32157 | 1 Webmin | 1 Webmin | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
|
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature.
|
|||||
| CVE-2021-32106 | 1 Icecoder | 1 Icecoder | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET['replace'] variable. As a result, arbitrary Javascript code can get executed.
|
|||||
| CVE-2021-32103 | 1 Open-emr | 1 Openemr | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
|
A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter.
|
|||||
| CVE-2021-32092 | 1 Nsa | 1 Emissary | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-site scripting (XSS) vulnerability in the DocumentAction component of U.S. National Security Agency (NSA) Emissary 5.9.0 allows remote attackers to inject arbitrary web script or HTML via the uuid parameter.
|
|||||
| CVE-2021-32091 | 1 Localstack | 1 Localstack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Cross-site scripting (XSS) vulnerability exists in StackLift LocalStack 0.12.6.
|
|||||
| CVE-2021-32052 | 3 Djangoproject, Fedoraproject, Python | 3 Django, Fedora, Python | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In Django 2.2 before 2.2.22, 3.1 before 3.1.10, and 3.2 before 3.2.2 (with Python 3.9.5+), URLValidator does not prohibit newlines and tabs (unless the URLField form field is used). If an application uses values with newlines in an HTTP response, header injection can occur. Django itself is unaffected because HttpResponse prohibits newlines in HTTP headers.
|
|||||
| CVE-2021-32019 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP.
|
|||||
| CVE-2021-32009 | 1 Secomea | 1 Gatemanager | 2024-11-21 | 4.3 MEDIUM | 5.0 MEDIUM |
|
Cross-site Scripting (XSS) vulnerability in firmware section of Secomea GateManager allows logged in user to inject javascript in browser session. This issue affects: Secomea GateManager Version 9.6.621421014 and all prior versions.
|
|||||
| CVE-2021-32005 | 1 Secomea | 18 Sitemanager 1129, Sitemanager 1129 Firmware, Sitemanager 1139 and 15 more | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
|
Cross-site Scripting (XSS) vulnerability in log view of Secomea SiteManager allows a logged in user to store javascript for later execution. This issue affects: Secomea SiteManager Version 9.6.621421014 and all prior versions.
|
|||||
| CVE-2021-31935 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.
|
|||||
| CVE-2021-31934 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.
|
|||||
| CVE-2021-31930 | 1 Concerto-signage | 1 Concerto | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Persistent cross-site scripting (XSS) in the web interface of Concerto through 2.3.6 allows an unauthenticated remote attacker to introduce arbitrary JavaScript by injecting an XSS payload into the First Name or Last Name parameter upon registration. When a privileged user attempts to delete the account, the XSS payload will be executed.
|
|||||
| CVE-2021-31911 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages.
|
|||||
| CVE-2021-31908 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.
|
|||||
| CVE-2021-31904 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page.
|
|||||
| CVE-2021-31903 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
In JetBrains YouTrack before 2021.1.9819, a pull request's title was sanitized insufficiently, leading to XSS.
|
|||||
| CVE-2021-31862 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
SysAid 20.4.74 allows XSS via the KeepAlive.jsp stamp parameter without any authentication.
|
|||||
| CVE-2021-31858 | 1 Dnnsoftware | 1 Dotnetnuke | 2024-11-21 | N/A | 5.4 MEDIUM |
|
DotNetNuke (DNN) 9.9.1 CMS is vulnerable to a Stored Cross-Site Scripting vulnerability in the user profile biography section which allows remote authenticated users to inject arbitrary code via a crafted payload.
|
|||||
| CVE-2021-31852 | 1 Mcafee | 1 Policy Auditor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the UID request parameter. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extract of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.
|
|||||
| CVE-2021-31851 | 1 Mcafee | 1 Policy Auditor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A Reflected Cross-Site Scripting vulnerability in McAfee Policy Auditor prior to 6.5.2 allows a remote unauthenticated attacker to inject arbitrary web script or HTML via the profileNodeID request parameters. The malicious script is reflected unmodified into the Policy Auditor web-based interface which could lead to the extraction of end user session token or login credentials. These may be used to access additional security-critical applications or conduct arbitrary cross-domain requests.
|
|||||
| CVE-2021-31848 | 1 Mcafee | 1 Data Loss Prevention Endpoint | 2024-11-21 | 3.5 LOW | 8.4 HIGH |
|
Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.
|
|||||
| CVE-2021-31835 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.3 MEDIUM | 4.8 MEDIUM |
|
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized.
|
|||||
| CVE-2021-31834 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
|
|||||
| CVE-2021-31832 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 3.5 LOW | 5.2 MEDIUM |
|
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine.
|
|||||
| CVE-2021-31830 | 1 Mcafee | 1 Database Security | 2024-11-21 | 3.5 LOW | 5.9 MEDIUM |
|
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized user logs into the DBSec interface and opens the properties configuration page for this database.
|
|||||
| CVE-2021-31813 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
|
|||||
| CVE-2021-31803 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581).
|
|||||
| CVE-2021-31794 | 1 Directum | 1 Directum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header.
|
|||||
| CVE-2021-31792 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field
|
|||||
| CVE-2021-31778 | 1 Media2click Project | 1 Media2click | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The media2click (aka 2 Clicks for External Media) extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account.
|
|||||
| CVE-2021-31761 | 1 Webmin | 1 Webmin | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
|
Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature.
|
|||||
| CVE-2021-31738 | 1 Adiscon | 1 Loganalyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS.
|
|||||
| CVE-2021-31721 | 1 Chevereto | 1 Chevereto | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage.
|
|||||
| CVE-2021-31712 | 1 React Draft Wysiwyg Project | 1 React Draft Wysiwyg | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS.
|
|||||