Vulnerabilities (CVE)

Filtered by CWE-79
Total 37365 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-31641 1 Chiyu-tech 30 Bf-430, Bf-430 Firmware, Bf-431 and 27 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated.
CVE-2021-31589 1 Beyondtrust 1 Appliance Base Software 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization.
CVE-2021-31583 1 Sipwise 1 Next Generation Communication Platform 2024-11-21 3.5 LOW 5.4 MEDIUM
Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in callforward/time/set/save (POST tsetname); Reflected XSS in addressbook (GET filter); Stored XSS in addressbook/save (POST firstname, lastname, company); and Reflected XSS in statistics/versions (GET lang).
CVE-2021-31558 1 Deltaww 1 Diaenergie 2024-11-21 4.3 MEDIUM 6.5 MEDIUM
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”.
CVE-2021-31551 1 Mediawiki 1 Mediawiki 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. Crafted payloads for Token-related query parameters allowed for XSS on certain PageForms-managed MediaWiki pages.
CVE-2021-31550 1 Mediawiki 1 Mediawiki 2024-11-21 3.5 LOW 5.4 MEDIUM
An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers.
CVE-2021-31537 1 Sisinformatik 1 Sis-rewe Go 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters).
CVE-2021-31521 1 Trendmicro 1 Interscan Web Security Virtual Appliance 2024-11-21 3.5 LOW 5.4 MEDIUM
Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal.
CVE-2021-31373 1 Juniper 28 Junos, Srx100, Srx110 and 25 more 2024-11-21 3.5 LOW 8.0 HIGH
A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or hijack another user's active session to perform administrative actions. This issue affects: Juniper Networks Junos OS on SRX Series: 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3.
CVE-2021-31355 1 Juniper 1 Junos 2024-11-21 3.5 LOW 8.0 HIGH
A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper Networks Junos OS: All versions, including the following supported releases: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D220; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R1-S1, 20.2R2; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2; 21.1 versions prior to 21.1R2.
CVE-2021-31330 1 Reviewboard 1 Review Board 2024-11-21 3.5 LOW 5.4 MEDIUM
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent.
CVE-2021-31329 1 Remoteclinic 1 Remote Clinic 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php
CVE-2021-31327 1 Remoteclinic 1 Remote Clinic 2024-11-21 3.5 LOW 5.4 MEDIUM
Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field.
CVE-2021-31274 1 Librenms 1 Librenms 2024-11-21 3.5 LOW 5.4 MEDIUM
In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed.
CVE-2021-31250 1 Chiyu-tech 6 Bf-430, Bf-430 Firmware, Bf-431 and 3 more 2024-11-21 3.5 LOW 5.4 MEDIUM
Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi.
CVE-2021-30890 3 Apple, Debian, Fedoraproject 7 Ipados, Iphone Os, Macos and 4 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2021-30744 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2021-30689 1 Apple 6 Ipados, Iphone Os, Macos and 3 more 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.
CVE-2021-30650 1 Broadcom 1 Layer7 Api Management Oauth Toolkit 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the OTK web UI client application.
CVE-2021-30637 1 Htmly 1 Htmly 2024-11-21 3.5 LOW 5.4 MEDIUM
htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php.