Total
37365 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-31641 | 1 Chiyu-tech | 30 Bf-430, Bf-430 Firmware, Bf-431 and 27 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated. | |||||
CVE-2021-31589 | 1 Beyondtrust | 1 Appliance Base Software | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization. | |||||
CVE-2021-31583 | 1 Sipwise | 1 Next Generation Communication Platform | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Sipwise C5 NGCP WWW Admin version 3.6.7 up to and including platform version NGCP CE 3.0 has multiple authenticated stored and reflected XSS vulnerabilities when input passed via several parameters to several scripts is not properly sanitized before being returned to the user: Stored XSS in callforward/time/set/save (POST tsetname); Reflected XSS in addressbook (GET filter); Stored XSS in addressbook/save (POST firstname, lastname, company); and Reflected XSS in statistics/versions (GET lang). | |||||
CVE-2021-31558 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script “DIAE_hierarchyHandler.ashx”. | |||||
CVE-2021-31551 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in the PageForms extension for MediaWiki through 1.35.2. Crafted payloads for Token-related query parameters allowed for XSS on certain PageForms-managed MediaWiki pages. | |||||
CVE-2021-31550 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in the CommentBox extension for MediaWiki through 1.35.2. Via crafted configuration variables, a malicious actor could introduce XSS payloads into various layers. | |||||
CVE-2021-31537 | 1 Sisinformatik | 1 Sis-rewe Go | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
SIS SIS-REWE Go before 7.7 SP17 allows XSS: rewe/prod/web/index.php (affected parameters are config, version, win, db, pwd, and user) and /rewe/prod/web/rewe_go_check.php (version and all other parameters). | |||||
CVE-2021-31521 | 1 Trendmicro | 1 Interscan Web Security Virtual Appliance | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Trend Micro InterScan Web Security Virtual Appliance version 6.5 was found to have a reflected cross-site scripting (XSS) vulnerability in the product's Captive Portal. | |||||
CVE-2021-31373 | 1 Juniper | 28 Junos, Srx100, Srx110 and 25 more | 2024-11-21 | 3.5 LOW | 8.0 HIGH |
A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or hijack another user's active session to perform administrative actions. This issue affects: Juniper Networks Junos OS on SRX Series: 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3. | |||||
CVE-2021-31355 | 1 Juniper | 1 Junos | 2024-11-21 | 3.5 LOW | 8.0 HIGH |
A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper Networks Junos OS: All versions, including the following supported releases: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D220; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R1-S1, 20.2R2; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2; 21.1 versions prior to 21.1R2. | |||||
CVE-2021-31330 | 1 Reviewboard | 1 Review Board | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious Javascript code when using Markdown editing within the application which remains persistent. | |||||
CVE-2021-31329 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" field on staff/register.php | |||||
CVE-2021-31327 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field. | |||||
CVE-2021-31274 | 1 Librenms | 1 Librenms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary Javascript code can get executed. | |||||
CVE-2021-31250 | 1 Chiyu-tech | 6 Bf-430, Bf-430 Firmware, Bf-431 and 3 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Multiple storage XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi. | |||||
CVE-2021-30890 | 3 Apple, Debian, Fedoraproject | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
CVE-2021-30744 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
CVE-2021-30689 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
CVE-2021-30650 | 1 Broadcom | 1 Layer7 Api Management Oauth Toolkit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the OTK web UI client application. | |||||
CVE-2021-30637 | 1 Htmly | 1 Htmly | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php. |