Total: 37864 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2021-37710 | 1 Shopware | 1 Shopware | 2024-11-21 | 3.5 LOW | 8.0 HIGH | Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin.
CVE-2021-37700 | 1 Paste-markdown Project | 1 Paste-markdown | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM | @github/paste-markdown is an npm package for pasting markdown objects. A self cross-site scripting vulnerability exists in @github/paste-markdown before version 0.3.4. If the clipboard data contains the string `<table>`, a **div** is dynamically created, and the clipboard content is copied into its **innerHTML** property without any sanitization, resulting in improper execution of JavaScript in the browser of the victim (the user who pasted the code). Users directed to copy text from a malicious website and paste it into pages that utilize this library are affected. This is fixed in version 0.3.4. Refer to the referenced GitHub Advisory for more details, including an example exploit.
CVE-2021-37695 | 4 Ckeditor, Debian, Fedoraproject and 1 more | 12 Ckeditor, Debian Linux, Fedora and 9 more | 2024-11-21 | 3.5 LOW | 7.3 HIGH | ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in the CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed injecting malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2.
CVE-2021-37634 | 1 Vapor | 1 Leafkit | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH | Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-site Scripting (XSS) attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an attacker managed to find a variable that was rendered with their unsanitised data, they could inject scripts into a generated Leaf page, which could enable XSS attacks if other mitigations such as a Content Security Policy were not enabled. This has been patched in 1.3.0. As a workaround, sanitize any untrusted input before passing it to Leaf and enable a CSP to block inline script and CSS data.
CVE-2021-37633 | 1 Discourse | 1 Discourse | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH | Discourse is an open source discussion platform. In versions prior to 2.7.8, rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. This issue is patched in the latest `stable` 2.7.8 version of Discourse. As a workaround, users may ensure that the Content Security Policy is enabled and has not been modified in a way which would make it more vulnerable to XSS attacks.
CVE-2021-37596 | 1 Telegram | 1 Web K Alpha | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Telegram Web K Alpha 0.6.1 allows XSS via a document name.
CVE-2021-37573 | 1 Tiny Java Web Server Project | 1 Tiny Java Web Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected cross-site scripting (XSS) vulnerability in the web server Tiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404 Page not Found" error page.
CVE-2021-37552 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | In JetBrains YouTrack before 2021.2.17925, stored XSS was possible.
CVE-2021-37542 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | In JetBrains TeamCity before 2020.2.3, XSS was possible.
CVE-2021-37534 | 1 Misp | 1 Misp | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster.
CVE-2021-37524 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php.
CVE-2021-37504 | 1 Hayageek | 1 Jquery Upload File | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM | A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a JavaScript payload in the file name.
CVE-2021-37470 | 1 Nchsoftware | 1 Webdictate | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript.
CVE-2021-37467 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected).
CVE-2021-37466 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected).
CVE-2021-37465 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected).
CVE-2021-37464 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored).
CVE-2021-37463 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored).
CVE-2021-37462 | 1 Nchsoftware | 1 Axon Pbx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected).
CVE-2021-37461 | 1 Nchsoftware | 1 Axon Pbx | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM | Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected).