Total
37414 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-35493 | 1 Tibco | 3 Webfocus Client, Webfocus Installer, Webfocus Reporting Server | 2024-11-21 | 3.5 LOW | 9.0 CRITICAL |
| The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.'s TIBCO WebFOCUS Client, TIBCO WebFOCUS Installer, and TIBCO WebFOCUS Reporting Server contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO WebFOCUS Client: versions 8207.27.0 and below, TIBCO WebFOCUS Installer: versions 8207.27.0 and below, and TIBCO WebFOCUS Reporting Server: versions 8207.27.0 and below. | |||||
| CVE-2021-35490 | 1 Thruk | 1 Thruk | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Thruk before 2.44 allows XSS for a quick command. | |||||
| CVE-2021-35489 | 1 Thruk | 1 Thruk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it. | |||||
| CVE-2021-35488 | 1 Thruk | 1 Thruk | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it. | |||||
| CVE-2021-35479 | 1 Nagios | 1 Log Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page. | |||||
| CVE-2021-35478 | 1 Nagios | 1 Log Server | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page. | |||||
| CVE-2021-35475 | 1 Sas | 1 Environment Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties. | |||||
| CVE-2021-35463 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter. | |||||
| CVE-2021-35451 | 1 Teradici | 1 Pcoip Management Console | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application. | |||||
| CVE-2021-35440 | 1 Smashing Project | 1 Smashing | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment (e.g. if re-using internal URL's for deploying, or cookies that are very permissive) private information may be retrieved by the attacker. | |||||
| CVE-2021-35438 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator. | |||||
| CVE-2021-35415 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields. | |||||
| CVE-2021-35377 | 1 Vicidial | 1 Vicidial | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross Site Scripting vulnerability found in VICIdial v2.14-610c and v.2.10-415c allows attackers execute arbitrary code via the /agc/vicidial.php, agc/vicidial-greay.php, and /vicidial/KHOMP_admin.php parameters. | |||||
| CVE-2021-35361 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. | |||||
| CVE-2021-35360 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. | |||||
| CVE-2021-35358 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters. | |||||
| CVE-2021-35323 | 1 Bludit | 1 Bludit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login. | |||||
| CVE-2021-35303 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute. | |||||
| CVE-2021-35298 | 1 Zammad | 1 Zammad | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information. | |||||
| CVE-2021-35265 | 1 Maxsite | 1 Maxsite Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page. | |||||