Total
42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26799 | 1 Omeka | 1 Omeka | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML.
|
|||||
| CVE-2021-26787 | 1 Genesys | 1 Workforce Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur (during record deletion) via the Time-off parameter.
|
|||||
| CVE-2021-26776 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name.
|
|||||
| CVE-2021-26746 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI.
|
|||||
| CVE-2021-26723 | 1 Jenzabar | 1 Jenzabar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS.
|
|||||
| CVE-2021-26722 | 1 Linkedin | 1 Oncall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar.
|
|||||
| CVE-2021-26716 | 1 Openenergymonitor | 1 Emoncms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter.
|
|||||
| CVE-2021-26710 | 1 Redwood | 1 Report2web | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter.
|
|||||
| CVE-2021-26702 | 1 Eprints | 1 Eprints | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI.
|
|||||
| CVE-2021-26698 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used.
|
|||||
| CVE-2021-26682 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the portal. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the guest portal interface.
|
|||||
| CVE-2021-26678 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the con ...
Show More |
|||||
| CVE-2021-26636 | 2 Linux, Maxb | 2 Linux Kernel, Maxboard | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
|
Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation.
|
|||||
| CVE-2021-26628 | 2 Linux, Maxb | 2 Linux Kernel, Maxboard | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
|
Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files.
|
|||||
| CVE-2021-26596 | 1 Nokia | 1 Netact | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used.
|
|||||
| CVE-2021-26587 | 1 Hpe | 12 Storeonce 3620, Storeonce 3620 Firmware, Storeonce 3640 and 9 more | 2024-11-21 | 6.0 MEDIUM | 6.5 MEDIUM |
|
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software update - HPE StoreOnce 4.3.0, to resolve the vulnerability in HPE StoreOnce.
|
|||||
| CVE-2021-26584 | 1 Hp | 1 Oneview For Vmware Vcenter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A security vulnerability in HPE OneView for VMware vCenter (OV4VC) could be exploited remotely to allow Cross-Site Scripting. HPE has released the following software update to resolve the vulnerability in HPE OneView for VMware vCenter (OV4VC).
|
|||||
| CVE-2021-26582 | 3 Hp, Microsoft, Redhat | 4 Hp-ux, Icewall Sso Dgfw, Windows and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS).
|
|||||
| CVE-2021-26580 | 1 Hpe | 1 Integrated Lights-out Amplifier | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
A potential security vulnerability has been identified in HPE iLO Amplifier Pack. The vulnerability could be remotely exploited to allow Cross-Site Scripting (XSS). HPE has provided the following software update to resolve the vulnerability in HPE iLO Amplifier Pack: HPE iLO Amplifier Pack 1.95 or later.
|
|||||
| CVE-2021-26549 | 1 Smartfoxserver | 1 Smartfoxserver | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site.
|
|||||
| CVE-2021-26544 | 1 Apache | 1 Livy | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating.
|
|||||
| CVE-2021-26475 | 1 Eprints | 1 Eprints | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI.
|
|||||
| CVE-2021-26304 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter.
|
|||||
| CVE-2021-26303 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field.
|
|||||
| CVE-2021-26263 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 6.1 MEDIUM |
|
Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents.
|
|||||
| CVE-2021-26256 | 1 Ays-pro | 1 Survey Maker | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
|
Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6).
|
|||||
| CVE-2021-26247 | 1 Cacti | 1 Cacti | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.
|
|||||
| CVE-2021-26230 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to save_user.php.
|
|||||
| CVE-2021-26227 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the student information parameters to edit_stud.php.
|
|||||
| CVE-2021-26224 | 1 Fantastic Blog Project | 1 Fantastic Blog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 allows remote attackers to inject arbitrary web script or HTML via the search field to search.php.
|
|||||
| CVE-2021-26123 | 1 Livinglogic | 1 Xist4c | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wihtm, or login-form.htm.
|
|||||
| CVE-2021-26122 | 1 Livinglogic | 1 Xist4c | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedback.wihtm.
|
|||||
| CVE-2021-26092 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
|
Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters.
|
|||||
| CVE-2021-26083 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability.
|
|||||
| CVE-2021-26082 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
|
The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability.
|
|||||
| CVE-2021-26080 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
|
|||||
| CVE-2021-26079 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
|
|||||
| CVE-2021-26078 | 1 Atlassian | 3 Data Center, Jira, Jira Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability.
|
|||||
| CVE-2021-26039 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability.
|
|||||
| CVE-2021-26035 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
|
An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the rules field of the JForm API leads to a XSS vulnerability.
|
|||||