Total
37538 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3811 | 1 Pi-hole | 1 Web Interface | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-3785 | 1 Yourls | 1 Yourls | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-3783 | 1 Yourls | 1 Yourls | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-3780 | 1 Framasoft | 1 Peertube | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-3768 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-3767 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-3694 | 2 Debian, Ledgersmb | 2 Debian Linux, Ledgersmb | 2024-11-21 | 6.8 MEDIUM | 8.2 HIGH |
| LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | |||||
| CVE-2021-3693 | 2 Debian, Ledgersmb | 2 Debian Linux, Ledgersmb | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
| LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | |||||
| CVE-2021-3672 | 6 C-ares Project, Fedoraproject, Nodejs and 3 more | 17 C-ares, Fedora, Node.js and 14 more | 2024-11-21 | 6.8 MEDIUM | 5.6 MEDIUM |
| A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability. | |||||
| CVE-2021-3662 | 1 Hp | 2 Futuresmart 4, Futuresmart 5 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS). | |||||
| CVE-2021-3646 | 1 Btcpayserver | 1 Btcpay Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-3628 | 1 Openkm | 1 Openkm | 2024-11-21 | 3.5 LOW | 4.6 MEDIUM |
| OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated Cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via de uuid parameter. | |||||
| CVE-2021-3619 | 1 Rapid7 | 1 Velociraptor | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| Rapid7 Velociraptor 0.5.9 and prior is vulnerable to a post-authentication persistent cross-site scripting (XSS) issue, where an authenticated user could abuse MIME filetype sniffing to embed executable code on a malicious upload. This issue was fixed in version 0.6.0. Note that login rights to Velociraptor is nearly always reserved for trusted and verified users with IT security backgrounds. | |||||
| CVE-2021-3539 | 1 Espocrm | 1 Espocrm | 2024-11-21 | 3.5 LOW | 6.3 MEDIUM |
| EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product. | |||||
| CVE-2021-3536 | 1 Redhat | 9 Build Of Quarkus, Data Grid, Descision Manager and 6 more | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A flaw was found in Wildfly in versions before 23.0.2.Final while creating a new role in domain mode via the admin console, it is possible to add a payload in the name field, leading to XSS. This affects Confidentiality and Integrity. | |||||
| CVE-2021-3535 | 1 Rapid7 | 1 Nexpose | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| Rapid7 Nexpose is vulnerable to a non-persistent cross-site scripting vulnerability affecting the Security Console's Filtered Asset Search feature. A specific search criterion and operator combination in Filtered Asset Search could have allowed a user to pass code through the provided search field. This issue affects version 6.6.80 and prior, and is fixed in 6.6.81. If your Security Console currently falls on or within this affected version range, ensure that you update your Security Console to the latest version. | |||||
| CVE-2021-3529 | 1 Redhat | 2 Noobaa-operator, Openshift Container Platform | 2024-11-21 | 6.8 MEDIUM | 7.1 HIGH |
| A flaw was found in noobaa-core in versions before 5.7.0. This flaw results in the name of an arbitrarily URL being copied into an HTML document as plain text between tags, including potentially a payload script. The input was echoed unmodified in the application response, resulting in arbitrary JavaScript being injected into an application's response. The highest threat to the system is for confidentiality, availability, and integrity. | |||||
| CVE-2021-3509 | 1 Redhat | 1 Ceph Storage | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A flaw was found in Red Hat Ceph Storage 4, in the Dashboard component. In response to CVE-2020-27839, the JWT token was moved from localStorage to an httpOnly cookie. However, token cookies are used in the body of the HTTP response for the documentation, which again makes it available to XSS.The greatest threat to the system is for confidentiality, integrity, and availability. | |||||
| CVE-2021-3486 | 1 Glpi-project | 1 Glpi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| GLPi 9.5.4 does not sanitize the metadata. This way its possible to insert XSS into plugins to execute JavaScript code. | |||||
| CVE-2021-3441 | 1 Hp | 2 Officejet 7110, Officejet 7110 Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A potential security vulnerability has been identified for the HP OfficeJet 7110 Wide Format ePrinter that enables Cross-Site Scripting (XSS). | |||||