Total
38028 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45479 | 1 Yordam | 1 Library Automation System | 2024-11-21 | N/A | 5.4 MEDIUM |
| Improper Neutralization of Input During Web Page Generation vulnerability in Yordam Information Technologies Library Automation System allows Stored XSS.This issue affects Library Automation System: before 19.2. | |||||
| CVE-2021-45476 | 1 Yordam | 1 Library Automation System | 2024-11-21 | N/A | 4.7 MEDIUM |
| Yordam Library Information Document Automation product before version 19.02 has an unauthenticated reflected XSS vulnerability. | |||||
| CVE-2021-45474 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. | |||||
| CVE-2021-45473 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar). | |||||
| CVE-2021-45472 | 2 Fedoraproject, Mediawiki | 2 Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme (among others) can be used. | |||||
| CVE-2021-45425 | 1 Safarimontage | 1 Safari Montage | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes. | |||||
| CVE-2021-45416 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. | |||||
| CVE-2021-45380 | 1 Appcms | 1 Appcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_head.php | |||||
| CVE-2021-45357 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php. | |||||
| CVE-2021-45329 | 1 Gitea | 1 Gitea | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field. | |||||
| CVE-2021-45281 | 1 Quickbox | 1 Quickbox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user supplied input for the value of this parameter is not properly sanitized. | |||||
| CVE-2021-45229 | 1 Apache | 1 Airflow | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. | |||||
| CVE-2021-45228 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user. | |||||
| CVE-2021-45227 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack. | |||||
| CVE-2021-45225 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links (affecting the search window and activity view window). | |||||
| CVE-2021-45224 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious URLs. | |||||
| CVE-2021-45094 | 1 Okta | 1 Imprivata Privileged Access Management | 2024-11-21 | N/A | 5.4 MEDIUM |
| Imprivata Privileged Access Management (formally Xton Privileged Access Management) 2.3.202112051108 allows XSS. | |||||
| CVE-2021-45088 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. | |||||
| CVE-2021-45087 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title. | |||||
| CVE-2021-45086 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. | |||||