Total
37362 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-30212 | 1 Eng | 1 Knowage | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter. | |||||
CVE-2021-30211 | 1 Eng | 1 Knowage | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter. | |||||
CVE-2021-30203 | 1 Dzzoffice | 1 Dzzoffice | 2024-11-21 | N/A | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML. | |||||
CVE-2021-30174 | 1 Ruiyanai | 1 Cloudiso | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
When a RiyaLab CloudISO event item is added, special characters in a specific field of the time management page are not properly filtered, which allows remote authenticated attackers to inject malicious JavaScript and carry out stored XSS (stored cross-site scripting) attacks. | |||||
CVE-2021-30172 | 1 Junhetec | 1 Omnidirectional Communication System | 2024-11-21 | 3.5 LOW | 4.6 MEDIUM |
Special characters in users’ input on the picture preview page of the Quan-Fang-Wei-Tong-Xun system are not filtered, which allows remote authenticated attackers to inject malicious JavaScript and carry out reflected XSS (cross-site scripting) attacks, and additionally to access and manipulate customer’s information. | |||||
CVE-2021-30171 | 1 Junhetec | 1 Enterprise Resource Planning Point Of Sale System | 2024-11-21 | 3.5 LOW | 4.6 MEDIUM |
Special characters in users’ input on the ERP POS news page are not filtered, which allows remote authenticated attackers to inject malicious JavaScript and carry out stored XSS (stored cross-site scripting) attacks, and additionally to access and manipulate customer’s information. | |||||
CVE-2021-30170 | 1 Junhetec | 1 Enterprise Resource Planning Point Of Sale System | 2024-11-21 | 3.5 LOW | 4.6 MEDIUM |
Special characters in users’ input on the ERP POS customer profile page are not filtered, which allows remote authenticated attackers to inject malicious JavaScript and carry out stored XSS (stored cross-site scripting) attacks, and additionally to access and manipulate customer’s information. | |||||
CVE-2021-30157 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS. | |||||
CVE-2021-30154 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS. | |||||
CVE-2021-30151 | 2 Contribsys, Debian | 2 Sidekiq, Debian Linux | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. | |||||
CVE-2021-30150 | 1 Ocproducts | 1 Composr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Composr 10.0.36 allows XSS in an XML script. | |||||
CVE-2021-30146 | 1 Seafile | 1 Seafile | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality." | |||||
CVE-2021-30140 | 1 Liquidfiles | 1 Liquidfiles | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5. | |||||
CVE-2021-30133 | 1 Cloverdx | 1 Cloverdx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10. | |||||
CVE-2021-30125 | 1 Jamf | 1 Jamf | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376. | |||||
CVE-2021-30119 | 1 Kaseya | 1 Vsa | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Authenticated reflective XSS in HelpDeskTab/rcResults.asp. The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack. Example request: `https://x.x.x.x/HelpDeskTab/rcResults.asp?result=<script>alert(document.cookie)</script>` The same is true for the parameter FileName of /done.asp. Example request: `https://x.x.x.x/done.asp?FileName=";</script><script>alert(1);a="&PathData=&originalName=shell.aspx&FileSize=4388&TimeElapsed=00:00:00.078` | |||||
CVE-2021-30113 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the event, the payload is executed and sends the victim's information to the attacker's website. | |||||
CVE-2021-30111 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the events, the payload is executed. | |||||
CVE-2021-30109 | 1 Froala | 1 Froala Editor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a crafted base64 string leads to a persistent cross-site scripting (XSS) vulnerability within the hyperlink creation module. | |||||
CVE-2021-30086 | 1 Kindsoft | 1 Kindeditor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information. | |||||