Total
37576 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45085 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list. | |||||
| CVE-2021-45071 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names. | |||||
| CVE-2021-45026 | 1 Rocketsoftware | 1 Ags-zena | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2021-45018 | 1 Catfish-cms | 1 Catfish Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 via a Google search in url:/catfishcms/index.php/admin/Index/addmenu.htmland then the .html file on the website that uses this editor (the file suffix is allowed). | |||||
| CVE-2021-44970 | 1 1234n | 1 Minicms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php. | |||||
| CVE-2021-44969 | 1 Taogogo | 1 Taocms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component. | |||||
| CVE-2021-44916 | 1 Opmantek | 1 Open-audit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Opmantek Open-AudIT Community 4.2.0 (Fixed in 4.3.0) is affected by a Cross Site Scripting (XSS) vulnerability. If a bad value is passed to the routine via a URL, malicious JavaScript code can be executed in the victim's browser. | |||||
| CVE-2021-44912 | 1 Xpressengine | 1 Xpressengine | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In XE 1.116, when uploading the Normal button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. If the .htaccess configuration is improper, for example before the XE 1.11.2 version, you can upload the PHP type file to GETSHELL. | |||||
| CVE-2021-44911 | 1 Xpressengine | 1 Xpressengine | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| XE before 1.11.6 is vulnerable to Unrestricted file upload via modules/menu/menu.admin.controller.php. When uploading the Mouse over button and When selected button, there is no restriction on the file suffix, which leads to any file uploading to the files directory. Since .htaccess only restricts the PHP type, uploading HTML-type files leads to stored XSS vulnerabilities. | |||||
| CVE-2021-44896 | 1 Dmproadmap Project | 1 Dmproadmap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| DMP Roadmap before 3.0.4 allows XSS. | |||||
| CVE-2021-44829 | 1 Afi-solutions | 1 Webacms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in index.html in AFI WebACMS through 2.1.0 via the the ID parameter. | |||||
| CVE-2021-44791 | 1 Apache | 1 Druid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Apache Druid 0.22.1 and earlier, certain specially-crafted links result in unescaped URL parameters being sent back in HTML responses. This makes it possible to execute reflected XSS attacks. | |||||
| CVE-2021-44775 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-site scripting (XSS) issue in Website app of Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents. | |||||
| CVE-2021-44760 | 1 Wp-downloadmanager Project | 1 Wp-downloadmanager | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Auth. (admin+) Reflected Cross-Site Scripting (XSS) vulnerability discovered in WP-DownloadManager plugin <= 1.68.6 versions. | |||||
| CVE-2021-44749 | 1 F-secure | 1 Safe | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability affecting F-Secure SAFE browser protection was discovered improper URL handling can be triggered to cause universal cross-site scripting through browsing protection in a SAFE web browser. User interaction is required prior to exploitation. A successful exploitation may lead to arbitrary code execution. | |||||
| CVE-2021-44748 | 1 F-secure | 1 Safe | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability affecting F-Secure SAFE browser was discovered whereby browsers loads images automatically this vulnerability can be exploited remotely by an attacker to execute the JavaScript can be used to trigger universal cross-site scripting through the browser. User interaction is required prior to exploitation, such as entering a malicious website to trigger the vulnerability. | |||||
| CVE-2021-44726 | 1 Knime | 1 Knime Server | 2024-11-21 | 4.3 MEDIUM | 8.8 HIGH |
| KNIME Server before 4.13.4 allows XSS via the old WebPortal login page. | |||||
| CVE-2021-44667 | 1 Alibaba | 1 Nacos | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in Nacos 2.0.3 in auth/users via the (1) pageSize and (2) pageNo parameters. | |||||
| CVE-2021-44662 | 1 Nottingham.ac | 1 Xerte Online Toolkits | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Site Scripting (XSS) vulnerability exists in the Xerte Project Xerte through 3.8.4 via the link parameter in print.php. | |||||
| CVE-2021-44649 | 1 Django-cms | 1 Django Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Django CMS 3.7.3 does not validate the plugin_type parameter while generating error messages for an invalid plugin type, resulting in a Cross Site Scripting (XSS) vulnerability. The vulnerability allows an attacker to execute arbitrary JavaScript code in the web browser of the affected user. | |||||