Total: 37302 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-26924 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header. | |||||
CVE-2021-26916 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter. | |||||
CVE-2021-26903 | 1 Isida | 1 Retriever | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. | |||||
CVE-2021-26844 | 1 Poweradmin | 1 Pa Server Monitor | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe. | |||||
CVE-2021-26835 | 1 Zettlr | 1 Zettlr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file. | |||||
CVE-2021-26834 | 1 Znote | 1 Znote | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode. | |||||
CVE-2021-26832 | 1 Priority-software | 1 Priority Enterprise Management System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) in the "Reset Password" page form of Priority Enterprise Management System v8.00 allows attackers to execute javascript on behalf of the victim by sending a malicious URL or directing the victim to a malicious site. | |||||
CVE-2021-26829 | 1 Openplcproject | 1 Scadabr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm. | |||||
CVE-2021-26812 | 1 Jitsi | 1 Meet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application. | |||||
CVE-2021-26799 | 1 Omeka | 1 Omeka | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2021-26787 | 1 Genesys | 1 Workforce Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur (during record deletion) via the Time-off parameter. | |||||
CVE-2021-26776 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name. | |||||
CVE-2021-26746 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. | |||||
CVE-2021-26723 | 1 Jenzabar | 1 Jenzabar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. | |||||
CVE-2021-26722 | 1 Linkedin | 1 Oncall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar. | |||||
CVE-2021-26716 | 1 Openenergymonitor | 1 Emoncms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter. | |||||
CVE-2021-26710 | 1 Redwood | 1 Report2web | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter. | |||||
CVE-2021-26702 | 1 Eprints | 1 Eprints | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI. | |||||
CVE-2021-26698 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. | |||||
CVE-2021-26682 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the portal. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the guest portal interface. | |||||