Total
37194 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23398 | 1 React-bootstrap-table Project | 1 React-bootstrap-table | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output. | |||||
| CVE-2021-23347 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 3.5 LOW | 4.7 MEDIUM |
| The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user. | |||||
| CVE-2021-23342 | 1 Docsifyjs | 1 Docsify | 2024-11-21 | 4.3 MEDIUM | 8.6 HIGH |
| This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more “////” characters | |||||
| CVE-2021-23327 | 1 Fusioncharts | 1 Apexcharts | 2024-11-21 | 4.3 MEDIUM | 6.3 MEDIUM |
| The package apexcharts before 3.24.0 are vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields. | |||||
| CVE-2021-23288 | 1 Eaton | 1 Intelligent Power Protector | 2024-11-21 | 2.3 LOW | 5.6 MEDIUM |
| The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69. | |||||
| CVE-2021-23287 | 1 Eaton | 1 Intelligent Power Manager | 2024-11-21 | 3.5 LOW | 5.6 MEDIUM |
| The vulnerability exists due to insufficient validation of input of certain resources within the IPM software. This issue affects: Intelligent Power Manager (IPM 1) versions prior to 1.70. | |||||
| CVE-2021-23285 | 1 Eaton | 1 Intelligent Power Manager | 2024-11-21 | 3.5 LOW | 3.1 LOW |
| Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to reflected Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions. | |||||
| CVE-2021-23284 | 1 Eaton | 1 Intelligent Power Manager Infrastructure | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM |
| Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to Stored Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions. | |||||
| CVE-2021-23283 | 1 Eaton | 1 Intelligent Power Protector | 2024-11-21 | 3.5 LOW | 5.2 MEDIUM |
| Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software. | |||||
| CVE-2021-23273 | 1 Tibco | 4 Analytics Platform, Spotfire Analyst, Spotfire Desktop and 1 more | 2024-11-21 | 3.5 LOW | 8.0 HIGH |
| The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0. | |||||
| CVE-2021-23272 | 1 Tibco | 2 Bpm Enterprise, Bpm Enterprise Distribution For Silver Fabric | 2024-11-21 | 3.5 LOW | 4.6 MEDIUM |
| The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below. | |||||
| CVE-2021-23271 | 1 Tibco | 1 Ebx | 2024-11-21 | 6.0 MEDIUM | 8.0 HIGH |
| The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.12 and below. | |||||
| CVE-2021-23260 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 3.5 LOW | 6.5 MEDIUM |
| Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site. | |||||
| CVE-2021-23228 | 1 Deltaww | 1 Diaenergie | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. | |||||
| CVE-2021-23225 | 2 Cacti, Debian | 2 Cacti, Debian Linux | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the "new_username" field during creation of a new user via "Copy" method at user_admin.php. | |||||
| CVE-2021-23209 | 1 Ampforwp | 1 Accelerated Mobile Pages | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Multiple Authenticated (admin user role) Persistent Cross-Site Scripting (XSS) vulnerabilities discovered in AMP for WP – Accelerated Mobile Pages WordPress plugin (versions <= 1.0.77.32). | |||||
| CVE-2021-23174 | 1 Wpchill | 1 Download Monitor | 2024-11-21 | 3.5 LOW | 3.4 LOW |
| Authenticated (admin+) Persistent Cross-Site Scripting (XSS) vulnerability discovered in Download Monitor WordPress plugin (versions <= 4.4.6) Vulnerable parameters: &post_title, &downloadable_file_version[0]. | |||||
| CVE-2021-23150 | 1 Ampforwp | 1 Accelerated Mobile Pages | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability discovered in AMP for WP – Accelerated Mobile Pages plugin <= 1.0.77.31 versions. | |||||
| CVE-2021-23130 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of feed fields could lead to xss issues. | |||||
| CVE-2021-23129 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! 2.5.0 through 3.9.24. Missing filtering of messages showed to users that could lead to xss issues. | |||||