Total
37653 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-4139 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.0 MEDIUM | 9.0 CRITICAL |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-4132 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-4124 | 1 Meetecho | 1 Janus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-4121 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-4116 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-4108 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-4107 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-4103 | 1 B3log | 1 Vditor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34. | |||||
| CVE-2021-4084 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-4081 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-4074 | 1 I-plugins | 1 Whmcs Bridge | 2024-11-21 | 3.5 LOW | 6.4 MEDIUM |
| The WHMCS Bridge WordPress plugin is vulnerable to Stored Cross-Site Scripting via the cc_whmcs_bridge_url parameter found in the ~/whmcs-bridge/bridge_cp.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 6.1. Due to missing authorization checks on the cc_whmcs_bridge_add_admin function, low-level authenticated users such as subscribers can exploit this vulnerability. | |||||
| CVE-2021-4072 | 1 Elgg | 1 Elgg | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-4050 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-4046 | 1 Tcman | 1 Gim | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data. | |||||
| CVE-2021-4038 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios. | |||||
| CVE-2021-4035 | 1 Wocu-monitoring | 1 Wocu Monitoring | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| A stored cross site scripting have been identified at the comments in the report creation due to an obsolote version of tinymce editor. In order to exploit this vulnerability, the attackers needs an account with enough privileges to view and edit reports. | |||||
| CVE-2021-4020 | 1 Meetecho | 1 Janus | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-4018 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-46889 | 1 10web | 1 Photo Gallery | 2024-11-21 | N/A | 6.1 MEDIUM |
| The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693. | |||||
| CVE-2021-46888 | 1 Hledger | 1 Hledger | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue was discovered in hledger before 1.23. A Stored Cross-Site Scripting (XSS) vulnerability exists in toBloodhoundJson that allows an attacker to execute JavaScript by encoding user-controlled values in a payload with base64 and parsing them with the atob function. | |||||