Total: 37864 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-38152 | 1 Chikitsa | 1 Patient Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS.
CVE-2021-38151 | 1 Chikitsa | 1 Patient Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | index.php/appointment/todos in Chikitsa Patient Management System 2.0.0 allows XSS.
CVE-2021-38149 | 1 Chikitsa | 1 Patient Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 allows XSS.
CVE-2021-38144 | 1 Formtools | 1 Core | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | An issue was discovered in Form Tools through 3.0.20. A low-privileged user can trigger Reflected XSS when viewing a form via the submission_id parameter, e.g., clients/forms/edit_submission.php?form_id=1&view_id=1&submission_id=[XSS].
CVE-2021-38143 | 1 Formtools | 1 Core | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | An issue was discovered in Form Tools through 3.0.20. When an administrator creates a customer account, the customer can log in and change their first and last name. These fields are vulnerable to XSS payload insertion; the payload is triggered in the admin panel when the admin views the client list. This stored XSS can lead to the extraction of the admin's PHPSESSID cookie.
CVE-2021-38138 | 1 Onenav | 1 Onenav | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release.
CVE-2021-38127 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited, resulting in Cross-Site Scripting (XSS).
CVE-2021-38126 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited, resulting in Cross-Site Scripting (XSS).
CVE-2021-38113 | 1 Openwebif Project | 1 Openwebif | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS.
CVE-2021-38087 | 1 Acronis | 1 Cyber Protect | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009.
CVE-2021-37999 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
CVE-2021-37916 | 1 Joplin Project | 1 Joplin | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Joplin before 2.0.9 allows XSS via button and form elements in the note body.
CVE-2021-37860 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 2.6 LOW | 3.7 LOW | Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP.
CVE-2021-37859 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 4.3 MEDIUM | 7.1 HIGH | Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost.
CVE-2021-37833 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows arbitrary execution of JavaScript commands.
CVE-2021-37805 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodeste Vehicle Parking Management System, affected version 1.0, via the add-vehicle.php endpoint.
CVE-2021-37794 | 1 Filebrowser Project | 1 Filebrowser | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user who is authorized to upload files to upload a malicious .svg file that acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator, it will trigger malicious OS commands on the server running the FileBrowser instance.
CVE-2021-37743 | 1 Misp | 1 Misp | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format.
CVE-2021-37742 | 1 Misp | 1 Misp | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships.
CVE-2021-37715 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM | A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability.