Total
37365 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-31835 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 4.3 MEDIUM | 4.8 MEDIUM |
Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via a specific parameter where the administrator's entries were not correctly sanitized. | |||||
CVE-2021-31834 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. | |||||
CVE-2021-31832 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 3.5 LOW | 5.2 MEDIUM |
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine. | |||||
CVE-2021-31830 | 1 Mcafee | 1 Database Security | 2024-11-21 | 3.5 LOW | 5.9 MEDIUM |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized user logs into the DBSec interface and opens the properties configuration page for this database. | |||||
CVE-2021-31813 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | |||||
CVE-2021-31803 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581). | |||||
CVE-2021-31794 | 1 Directum | 1 Directum | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header. | |||||
CVE-2021-31792 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field. | |||||
CVE-2021-31778 | 1 Media2click Project | 1 Media2click | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
The media2click (aka 2 Clicks for External Media) extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account. | |||||
CVE-2021-31761 | 1 Webmin | 1 Webmin | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature. | |||||
CVE-2021-31738 | 1 Adiscon | 1 Loganalyzer | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. | |||||
CVE-2021-31721 | 1 Chevereto | 1 Chevereto | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage. | |||||
CVE-2021-31712 | 1 React Draft Wysiwyg Project | 1 React Draft Wysiwyg | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URI in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS. | |||||
CVE-2021-31682 | 1 Automatedlogic | 1 Webctrl | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization. | |||||
CVE-2021-31676 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CSRF in the same file, the two can cause greater damage. | |||||
CVE-2021-31674 | 1 Cyclos | 1 Cyclos | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows a remote unauthenticated attacker to execute JavaScript code via an undefined enum constant. | |||||
CVE-2021-31673 | 1 Cyclos | 1 Cyclos | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A DOM-based Cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter. | |||||
CVE-2021-31655 | 1 Trendnet | 2 Tv-ip110wn, Tv-ip110wn Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2.64, V1.2.2.65 and V1.2.2.68 via the profile parameter in a GET request in view.cgi. | |||||
CVE-2021-31651 | 1 Neofr | 1 Neofrag | 2024-11-21 | N/A | 4.8 MEDIUM |
Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows a remote attacker to run arbitrary code via the copyright field in copyright settings. | |||||
CVE-2021-31643 | 1 Chiyu-tech | 22 Bf-630, Bf-630 Firmware, Bf-631 and 19 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter. |