Total: 37537 CVEs
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-3224 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter. | |||||
CVE-2021-3210 | 1 Bloodhound Project | 1 Bloodhound | 2024-11-21 | 9.3 HIGH | 9.6 CRITICAL |
components/Modals/HelpTexts/GenericAll/GenericAll.jsx in Bloodhound <= 4.0.1 allows remote attackers to execute arbitrary system commands when the victim imports a malicious data file containing JavaScript in the objectId parameter. | |||||
CVE-2021-3184 | 1 Misp | 1 Misp | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
MISP 2.4.136 has XSS via a crafted URL to the app/View/Elements/global_menu.ctp user homepage favourite button. | |||||
CVE-2021-3163 | 1 Slab | 1 Quill | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the HTML editor of Slab Quill 4.8.0 allows an attacker to execute arbitrary JavaScript by storing an XSS payload (a crafted onloadstart attribute of an IMG element) in a text field. Note: Researchers have claimed that this issue is not within the product itself, but is intended behavior in a web browser. | |||||
CVE-2021-3159 | 1 Landray | 1 Landray Ekp | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored cross-site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file. | |||||
CVE-2021-3151 | 1 I-doit | 1 I-doit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
i-doit before 1.16.0 is affected by Stored Cross-Site Scripting (XSS) issues that could allow remote authenticated attackers to inject arbitrary web script or HTML via C__MONITORING__CONFIG__TITLE, SM2__C__MONITORING__CONFIG__TITLE, C__MONITORING__CONFIG__PATH, SM2__C__MONITORING__CONFIG__PATH, C__MONITORING__CONFIG__ADDRESS, or SM2__C__MONITORING__CONFIG__ADDRESS. | |||||
CVE-2021-3150 | 1 Cryptshare | 1 Cryptshare Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability on the Delete Personal Data page in Cryptshare Server before 4.8.0 allows an attacker to inject arbitrary web script or HTML via the user name. The issue is fixed in version 4.8.1. | |||||
CVE-2021-3137 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
XWiki 12.10.2 allows XSS via an SVG document to the upload feature of the comment section. | |||||
CVE-2021-3135 | 1 Tagdiv | 1 Newspaper | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. It allows XSS via the wp-admin/admin-ajax.php td_block_id parameter in a td_ajax_block API call. | |||||
CVE-2021-3124 | 1 Newtarget | 1 Custom Global Variables | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Stored cross-site scripting (XSS) in form field in robust.systems product Custom Global Variables v 1.0.5 allows a remote attacker to inject arbitrary code via the vars[0][name] field. | |||||
CVE-2021-3111 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
The Express Entries Dashboard in Concrete5 8.5.4 allows stored XSS via the name field of a new data object at an index.php/dashboard/express/entries/view/ URI. | |||||
CVE-2021-3052 | 1 Paloaltonetworks | 1 Pan-os | 2024-11-21 | 3.5 LOW | 8.0 HIGH |
A reflected cross-site scripting (XSS) vulnerability in the Palo Alto Networks PAN-OS web interface enables an authenticated network-based attacker to mislead another authenticated PAN-OS administrator to click on a specially crafted link that performs arbitrary actions in the PAN-OS web interface as the targeted authenticated administrator. This issue impacts: PAN-OS 8.1 versions earlier than 8.1.20; PAN-OS 9.0 versions earlier than 9.0.14; PAN-OS 9.1 versions earlier than 9.1.10; PAN-OS 10.0 versions earlier than 10.0.2. This issue does not affect Prisma Access. | |||||
CVE-2021-3043 | 1 Paloaltonetworks | 1 Prisma Cloud | 2024-11-21 | 3.5 LOW | 7.5 HIGH |
A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances. This issue impacts: Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.12.552; Prisma Cloud Compute 21.04 versions earlier than Prisma Cloud Compute 21.04.439. | |||||
CVE-2021-3026 | 1 Invisioncommunity | 1 Ips Community Suite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment. | |||||
CVE-2021-3014 | 1 Mikrotik | 1 Routeros | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter. | |||||
CVE-2021-3012 | 1 Esri | 1 Arcgis Enterprise | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab). | |||||
CVE-2021-3010 | 1 Opentext | 1 Content Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized. | |||||
CVE-2021-3002 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter. | |||||
CVE-2021-39946 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 3.5 LOW | 8.7 HIGH |
Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis. | |||||
CVE-2021-39910 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 4.3 MEDIUM | 2.6 LOW |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature. |