Total
37549 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-42119 | 1 Businessdnasolutions | 1 Topease | 2024-11-21 | 3.5 LOW | 7.3 HIGH |
| Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then rendered in the Search Functionality, to alter the intended functionality and steal cookies, the latter allowing for account takeover. | |||||
| CVE-2021-42118 | 1 Businessdnasolutions | 1 Topease | 2024-11-21 | 3.5 LOW | 8.1 HIGH |
| Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Structure Component allows an authenticated remote attacker with Object Modification privileges to inject arbitrary HTML and JavaScript code in an object attribute, which is then rendered in the Structure Component, to alter the intended functionality and steal cookies, the latter allowing for account takeover. | |||||
| CVE-2021-42117 | 1 Businessdnasolutions | 1 Topease | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| Insufficient Input Validation in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 allows an authenticated remote attacker with Object Modification privileges to insert arbitrary HTML without code execution. | |||||
| CVE-2021-42112 | 1 Limesurvey | 1 Limesurvey | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. | |||||
| CVE-2021-42092 | 1 Zammad | 1 Zammad | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket. | |||||
| CVE-2021-42088 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled. | |||||
| CVE-2021-42085 | 1 Zammad | 1 Zammad | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar. | |||||
| CVE-2021-42083 | 3 Linux, Microsoft, Osnexus | 3 Linux Kernel, Windows, Quantastor | 2024-11-21 | N/A | 8.7 HIGH |
| An authenticated attacker is able to create alerts that trigger a stored XSS attack. | |||||
| CVE-2021-42080 | 1 Osnexus | 1 Quantastor | 2024-11-21 | N/A | 7.4 HIGH |
| An attacker is able to launch a Reflected XSS attack using a crafted URL. | |||||
| CVE-2021-42078 | 1 Php Event Calendar Project | 1 Php Event Calendar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHP Event Calendar through 2021-11-04 allows persistent cross-site scripting (XSS), as demonstrated by the /server/ajax/events_manager.php title parameter. This can be exploited by an adversary in multiple ways, e.g., to perform actions on the page in the context of other users, or to deface the site. | |||||
| CVE-2021-42063 | 1 Sap | 1 Knowledge Warehouse | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A security vulnerability has been discovered in the SAP Knowledge Warehouse - versions 7.30, 7.31, 7.40, 7.50. The usage of one SAP KW component within a Web browser enables unauthorized attackers to conduct XSS attacks, which might lead to disclose sensitive data. | |||||
| CVE-2021-42061 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify the document and publish these modifications to the server. It impacts the "Quick Prompt" workflow. | |||||
| CVE-2021-42053 | 1 Django-unicorn | 1 Unicorn | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The Unicorn framework through 0.35.3 for Django allows XSS via component.name. | |||||
| CVE-2021-42051 | 1 Abantecart | 1 Abantecart | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in AbanteCart before 1.3.2. Any low-privileged user with file-upload permissions can upload a malicious SVG document that contains an XSS payload. | |||||
| CVE-2021-42050 | 1 Abantecart | 1 Abantecart | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS. | |||||
| CVE-2021-42048 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 4.8 MEDIUM |
| An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits. | |||||
| CVE-2021-42047 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback. | |||||
| CVE-2021-42046 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 6.1 MEDIUM |
| An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript. | |||||
| CVE-2021-42045 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | N/A | 5.4 MEDIUM |
| An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote. | |||||
| CVE-2021-42044 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messages were not being properly sanitized and allowed for the injection and execution of HTML and JavaScript. | |||||