Total
37365 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-32544 | 1 Igt+ Project | 1 Igt+ | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Special characters of the IGT search function in igt+ are not filtered in specific fields, which allows remote authenticated attackers to inject malicious JavaScript and carry out DOM-based XSS (Cross-site scripting) attacks. | |||||
CVE-2021-32542 | 1 Sysjust | 1 Cts Web | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers to remotely perform reflected XSS and obtain the connection token of the users who triggered the attack. | |||||
CVE-2021-32540 | 1 Hundredplus | 1 101eip | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The Add announcement function in the 101EIP system does not filter special characters, which allows authenticated users to inject JavaScript and perform a stored XSS attack. | |||||
CVE-2021-32539 | 1 Hundredplus | 1 101eip | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The Add event in calendar function in the 101EIP system does not filter special characters in specific fields, which allows remote authenticated users to inject JavaScript and perform a stored XSS attack. | |||||
CVE-2021-32536 | 1 Mcusystem | 1 Mcusystem | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The login page in the MCUsystem does not filter special characters, which allows remote attackers to inject JavaScript without privilege and thus perform reflected XSS attacks. | |||||
CVE-2021-32482 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter. | |||||
CVE-2021-32481 | 1 Cloudera | 1 Hue | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cloudera Hue 4.6.0 allows XSS via the type parameter. | |||||
CVE-2021-32478 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected. | |||||
CVE-2021-32475 | 1 Moodle | 1 Moodle | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | |||||
CVE-2021-32470 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Craft CMS before 3.6.13 has an XSS vulnerability. | |||||
CVE-2021-32426 | 1 Trendnet | 2 Tw100-s4w1ca, Tw100-s4w1ca Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In TrendNet TW100-S4W1CA 2.3.32, it is possible to inject arbitrary JavaScript into the router's web interface via the "echo" command. | |||||
CVE-2021-32302 | 1 Irz | 2 Ruh2, Ruh2 Firmware | 2024-11-21 | N/A | 6.1 MEDIUM |
Cross Site Scripting vulnerability in IRZ Electronics RUH2 GSM router allows attacker to obtain sensitive information via the Upload File parameter. | |||||
CVE-2021-32245 | 1 Pagekit | 1 Pagekit | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. The file is uploaded to the system without being stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that will point to http://localhost/pagekit/storage/exp.svg. When a user comes along and clicks that link, it will trigger an XSS attack. | |||||
CVE-2021-32244 | 1 Moodle | 1 Moodle | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field. | |||||
CVE-2021-32233 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
SmarterTools SmarterMail before Build 7776 allows XSS. | |||||
CVE-2021-32202 | 1 Cs-cart | 1 Cs-cart | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In CS-Cart version 4.11.1, it is possible to induce copy-paste XSS by manipulating the "post description" field in the blog post creation page. | |||||
CVE-2021-32161 | 1 Webmin | 1 Webmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the File Manager feature. | |||||
CVE-2021-32160 | 1 Webmin | 1 Webmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 through the Add Users feature. | |||||
CVE-2021-32158 | 1 Webmin | 1 Webmin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Upload and Download feature. | |||||
CVE-2021-32157 | 1 Webmin | 1 Webmin | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
A Cross-Site Scripting (XSS) vulnerability exists in Webmin 1.973 via the Scheduled Cron Jobs feature. |