Total
37823 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30056 | 1 Eng | 1 Knowage | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage. | |||||
| CVE-2021-30049 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI. | |||||
| CVE-2021-30044 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php. | |||||
| CVE-2021-30042 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php | |||||
| CVE-2021-30039 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-report.php. | |||||
| CVE-2021-30034 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php. | |||||
| CVE-2021-30030 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php. | |||||
| CVE-2021-30003 | 1 Nokia | 2 G-120w-f, G-120w-f Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address. | |||||
| CVE-2021-29996 | 1 Marktext | 1 Marktext | 2024-11-21 | 6.8 MEDIUM | 9.6 CRITICAL |
| Mark Text through 0.16.3 allows attackers arbitrary command execution. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload. | |||||
| CVE-2021-29994 | 1 Cloudera | 1 Hue | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cloudera Hue 4.6.0 allows XSS. | |||||
| CVE-2021-29979 | 1 Mozilla | 1 Hubs Cloud | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.*. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210618012634. | |||||
| CVE-2021-29953 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A malicious webpage could have forced a Firefox for Android user into executing attacker-controlled JavaScript in the context of another domain, resulting in a Universal Cross-Site Scripting vulnerability. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected. Further details are being temporarily withheld to allow users an opportunity to update.*. This vulnerability affects Firefox < 88.0.1 and Firefox for Android < 88.1.3. | |||||
| CVE-2021-29944 | 1 Mozilla | 1 Firefox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Lack of escaping allowed HTML injection when a webpage was viewed in Reader View. While a Content Security Policy prevents direct code execution, HTML injection is still possible. *Note: This issue only affected Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 88. | |||||
| CVE-2021-29912 | 2 Ibm, Redhat | 2 Security Risk Manager On Cp4s, Openshift | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207828. | |||||
| CVE-2021-29905 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207616. | |||||
| CVE-2021-29878 | 1 Ibm | 1 Business Automation Workflow | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Business Automation Workflow 18.0, 19.0, 20.0, and 21.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 206581. | |||||
| CVE-2021-29855 | 1 Ibm | 1 Sterling B2b Integrator | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.1.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205684. | |||||
| CVE-2021-29852 | 1 Ibm | 1 Planning Analytics | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205528. | |||||
| CVE-2021-29849 | 2 Ibm, Linux | 2 Qradar Security Information And Event Manager, Linux Kernel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| IBM QRadar SIEM 7.3 and 7.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205281. | |||||
| CVE-2021-29841 | 2 Ibm, Linux | 5 Aix, Financial Transaction Manager, Linux On Ibm Z and 2 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| IBM Financial Transaction Manager 3.2.4 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 205045. | |||||