Vulnerabilities (CVE)

  1. OpenCVE
  2. Vulnerabilities (CVE)
Filtered by CWE-79
Total 38009 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-40041 1 Huawei 2 Ws318n-21, Ws318n-21 Firmware 2024-11-21 1.9 LOW 4.2 MEDIUM
There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n product when processing network settings. Due to insufficient validation of user input, a local authenticated attacker could exploit this vulnerability by injecting special characters. Successful exploit could cause certain information disclosure. Affected product versions include: WS318n-21 10.0.2.2, 10.0.2.5 and 10.0.2.6.
CVE-2021-3994 1 Django-helpdesk Project 1 Django-helpdesk 2024-11-21 6.8 MEDIUM 9.6 CRITICAL
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3985 1 Kimai 1 Kimai2 2024-11-21 6.0 MEDIUM 9.0 CRITICAL
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3983 1 Kimai2 Project 1 Kimai2 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3977 1 Invoiceninja 1 Invoice Ninja 2024-11-21 3.5 LOW 5.4 MEDIUM
invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3961 1 Snipeitapp 1 Snipe-it 2024-11-21 3.5 LOW 5.4 MEDIUM
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3950 1 Django-helpdesk Project 1 Django-helpdesk 2024-11-21 3.5 LOW 5.4 MEDIUM
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3945 1 Django-helpdesk Project 1 Django-helpdesk 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3938 1 Snipeitapp 1 Snipe-it 2024-11-21 3.5 LOW 5.4 MEDIUM
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3920 1 Getgrav 1 Grav-plugin-admin 2024-11-21 3.5 LOW 5.4 MEDIUM
grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3914 1 Redhat 3 Build Of Quarkus, Openshift Application Runtimes, Smallrye Health 2024-11-21 N/A 6.1 MEDIUM
It was found that the smallrye health metrics UI component did not properly sanitize some user inputs. An attacker could use this flaw to conduct cross-site scripting attacks.
CVE-2021-3904 1 Getgrav 1 Grav 2024-11-21 3.5 LOW 5.4 MEDIUM
grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3879 1 Snipeitapp 1 Snipe-it 2024-11-21 3.5 LOW 5.4 MEDIUM
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3866 1 Zulip 1 Zulip 2024-11-21 3.5 LOW 5.4 MEDIUM
Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6.
CVE-2021-3863 1 Snipeitapp 1 Snipe-it 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3862 1 Icecoder 1 Icecoder 2024-11-21 3.5 LOW 4.8 MEDIUM
icecoder is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3857 1 Chaskiq 1 Chaskiq 2024-11-21 3.5 LOW 5.4 MEDIUM
chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3853 1 Chaskiq 1 Chaskiq 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-3834 1 Artica 1 Integria Ims 2024-11-21 4.3 MEDIUM 5.4 MEDIUM
Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS).
CVE-2021-3831 1 Gnuboard 1 Gnuboard5 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
gnuboard5 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')