Total: 37823 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-31373 | 1 Juniper | 28 Junos, Srx100, Srx110 and 25 more | 2024-11-21 | 3.5 LOW | 8.0 HIGH |
A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or hijack another user's active session to perform administrative actions. This issue affects: Juniper Networks Junos OS on SRX Series: 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3. | |||||
CVE-2021-31355 | 1 Juniper | 1 Junos | 2024-11-21 | 3.5 LOW | 8.0 HIGH |
A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML and steal sensitive data and credentials from a web administration session, possibly tricking a follow-on administrative user to perform administrative actions on the device. This issue affects Juniper Networks Junos OS: All versions, including the following supported releases: 12.3X48 versions prior to 12.3X48-D105; 15.1X49 versions prior to 15.1X49-D220; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S9; 19.1 versions prior to 19.1R3-S7; 19.2 versions prior to 19.2R3-S3; 19.3 versions prior to 19.3R3-S4; 19.4 versions prior to 19.4R3-S6; 20.1 versions prior to 20.1R3; 20.2 versions prior to 20.2R1-S1, 20.2R2; 20.3 versions prior to 20.3R2; 20.4 versions prior to 20.4R2; 21.1 versions prior to 21.1R2. | |||||
CVE-2021-31330 | 1 Reviewboard | 1 Review Board | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
A Cross-Site Scripting (XSS) vulnerability exists within Review Board versions 3.0.20 and 4.0 RC1 and earlier. An authenticated attacker may inject malicious JavaScript code when using Markdown editing within the application which remains persistent. | |||||
CVE-2021-31329 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Chat" and "Personal Address" fields on staff/register.php | |||||
CVE-2021-31327 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Stored XSS in Remote Clinic v2.0 in /medicines due to Medicine Name Field. | |||||
CVE-2021-31274 | 1 Librenms | 1 Librenms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
In LibreNMS < 21.3.0, a stored XSS vulnerability was identified in the API Access page due to insufficient sanitization of the $api->description variable. As a result, arbitrary JavaScript code can get executed. | |||||
CVE-2021-31250 | 1 Chiyu-tech | 6 Bf-430, Bf-430 Firmware, Bf-431 and 3 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Multiple stored XSS vulnerabilities were discovered on BF-430, BF-431 and BF-450M TCP/IP Converter devices from CHIYU Technology Inc due to a lack of sanitization of the input on the components man.cgi, if.cgi, dhcpc.cgi, ppp.cgi. | |||||
CVE-2021-30890 | 3 Apple, Debian, Fedoraproject | 7 Ipados, Iphone Os, Macos and 4 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
CVE-2021-30744 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
CVE-2021-30689 | 1 Apple | 6 Ipados, Iphone Os, Macos and 3 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
CVE-2021-30650 | 1 Broadcom | 1 Layer7 Api Management Oauth Toolkit | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the OTK web UI client application. | |||||
CVE-2021-30637 | 1 Htmly | 1 Htmly | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php. | |||||
CVE-2021-30458 | 1 Wikimedia | 1 Parsoid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS. | |||||
CVE-2021-30227 | 1 Emlog | 1 Emlog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in the article comments feature in emlog 6.0. | |||||
CVE-2021-30213 | 1 Eng | 1 Knowage | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter. | |||||
CVE-2021-30212 | 1 Eng | 1 Knowage | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter. | |||||
CVE-2021-30211 | 1 Eng | 1 Knowage | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter. | |||||
CVE-2021-30203 | 1 Dzzoffice | 1 Dzzoffice | 2024-11-21 | N/A | 6.1 MEDIUM |
A reflected cross-site scripting (XSS) vulnerability in the zero parameter of dzzoffice 2.02.1_SC_UTF8 allows attackers to execute arbitrary web scripts or HTML. | |||||
CVE-2021-30174 | 1 Ruiyanai | 1 Cloudiso | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
When a RiyaLab CloudISO event item is added, special characters in a specific field of the time management page are not properly filtered, which allows remote authenticated attackers to inject malicious JavaScript and carry out stored XSS (stored cross-site scripting) attacks. | |||||
CVE-2021-30172 | 1 Junhetec | 1 Omnidirectional Communication System | 2024-11-21 | 3.5 LOW | 4.6 MEDIUM |
Special characters in users’ input on the picture preview page of the Quan-Fang-Wei-Tong-Xun system are not filtered, which allows remote authenticated attackers to inject malicious JavaScript and carry out reflected XSS (cross-site scripting) attacks, and additionally to access and manipulate customer’s information. |