Total: 42233 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-22499 | 1 Microfocus | 1 Application Performance Management | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | Persistent Cross-Site scripting vulnerability in Micro Focus Application Performance Management product, affecting versions 9.40, 9.50 and 9.51. The vulnerability could allow persistent XSS attack. |
| CVE-2021-22410 | 1 Huawei | 2 Imaster Nce-fabric, Imaster Nce-fabric Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | There is an XSS injection vulnerability in iMaster NCE-Fabric V100R019C10. A module of the client does not verify the input sufficiently. Attackers can exploit this vulnerability by modifying input after logging onto the client. This may compromise the normal service of the client. |
| CVE-2021-22261 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 7.3 HIGH | A stored Cross-Site Scripting vulnerability in the Jira integration in all GitLab versions starting from 13.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious Jira API responses. |
| CVE-2021-22260 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 7.7 HIGH | A stored Cross-Site Scripting vulnerability in the DataDog integration in all versions of GitLab CE/EE starting from 13.7 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to execute arbitrary JavaScript code on the victim's behalf. |
| CVE-2021-22242 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 8.7 HIGH | Insufficient input sanitization in Mermaid markdown in GitLab CE/EE version 11.4 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown. |
| CVE-2021-22241 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 8.7 HIGH | An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name. |
| CVE-2021-22238 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 6.8 MEDIUM | An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored XSS by using the design feature in issues. |
| CVE-2021-22234 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 9.6 CRITICAL | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server. |
| CVE-2021-22227 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected cross-site script vulnerability in GitLab before versions 13.11.6, 13.12.6 and 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on their behalf if they clicked it. |
| CVE-2021-22225 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 4.7 MEDIUM | Insufficient input sanitization in markdown in GitLab version 13.11 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted markdown. |
| CVE-2021-22223 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Client-Side code injection through Feature Flag name in GitLab CE/EE starting with 11.9 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link. |
| CVE-2021-22220 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 6.1 MEDIUM | An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored XSS in blob viewer of notebooks. |
| CVE-2021-22199 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 3.5 LOW | An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored XSS if scoped labels were used. |
| CVE-2021-22196 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 6.3 MEDIUM | An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site-scripting in merge request via a specifically crafted branch name. |
| CVE-2021-22185 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki. |
| CVE-2021-22183 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM | An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions. |
| CVE-2021-22182 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 3.5 LOW | An issue has been discovered in GitLab affecting all versions starting with 13.7. GitLab was vulnerable to a stored XSS in merge request. |
| CVE-2021-22157 | 1 Proofpoint | 1 Insider Threat Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Proofpoint Insider Threat Management Server (formerly ObserveIT Server) before 7.11.1 allows stored XSS. |
| CVE-2021-22122 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and versions before 6.2.4 may allow an unauthenticated, remote attacker to perform a reflected cross site scripting attack (XSS) by injecting malicious payload in different vulnerable API end-points. |
| CVE-2021-22021 | 1 Vmware | 2 Cloud Foundation, Vrealize Log Insight | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | VMware vRealize Log Insight (8.x prior to 8.4) contains a Cross Site Scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI which would be executed when the victim accesses the shared dashboard link. |
| CVE-2021-22016 | 1 Vmware | 2 Cloud Foundation, Vcenter Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | The vCenter Server contains a reflected cross-site scripting vulnerability due to a lack of input sanitization. An attacker may exploit this issue to execute malicious scripts by tricking a victim into clicking a malicious link. |
| CVE-2021-21990 | 1 Vmware | 1 Workspace One Unified Endpoint Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | VMware Workspace ONE UEM console (2102 prior to 21.2.0.8, 2101 prior to 21.1.0.14, 2011 prior to 20.11.0.27, 2010 prior to 20.10.0.16, 2008 prior to 20.8.0.28, 2007 prior to 20.7.0.14, 2006 prior to 20.6.0.19, 2005 prior to 20.5.0.46, 2004 prior to 20.4.0.21, 2003 prior to 20.3.0.23, 2001 prior to 20.1.0.32, 1912 prior to 19.12.0.24) contains a cross-site scripting vulnerability. VMware Workspace ONE UEM console does not validate incoming requests during device enrollment after leading to rendering ... |
| CVE-2021-21803 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. |
| CVE-2021-21802 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. |
| CVE-2021-21801 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution. |
| CVE-2021-21800 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability. |
| CVE-2021-21799 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability. |
| CVE-2021-21747 | 1 Zte | 2 Mf971r, Mf971r Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information. |
| CVE-2021-21746 | 1 Zte | 2 Mf971r, Mf971r Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information. |
| CVE-2021-21738 | 1 Zte | 2 Zxiptv, Zxiptv Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with the parameters, to affect the operations of valid users. This affects: <ZXIPTV><ZXIPTV-EAS_PV5.06.04.09> |
| CVE-2021-21700 | 1 Jenkins | 1 Scriptler | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Scriptler scripts. |
| CVE-2021-21699 | 1 Jenkins | 1 Active Choices | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. |
| CVE-2021-21668 | 1 Jenkins | 1 Scriptler | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. |
| CVE-2021-21667 | 1 Jenkins | 1 Scriptler | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. |
| CVE-2021-21666 | 1 Jenkins | 1 Kiuwan | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2021-21660 | 1 Jenkins | 1 Markdown Formatter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter. |
| CVE-2021-21649 | 1 Jenkins | 1 Dashboard View | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. |
| CVE-2021-21648 | 1 Jenkins | 1 Credentials | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability. |
| CVE-2021-21635 | 1 Jenkins | 1 Rest List Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. |
| CVE-2021-21630 | 1 Jenkins | 1 Extra Columns | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. |