Total: 37815 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-26829 | 1 Openplcproject | 1 Scadabr | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
OpenPLC ScadaBR through 0.9.1 on Linux and through 1.12.4 on Windows allows stored XSS via system_settings.shtm. | |||||
CVE-2021-26812 | 1 Jitsi | 1 Meet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application. | |||||
CVE-2021-26799 | 1 Omeka | 1 Omeka | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML. | |||||
CVE-2021-26787 | 1 Genesys | 1 Workforce Management | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur (during record deletion) via the Time-off parameter. | |||||
CVE-2021-26776 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name. | |||||
CVE-2021-26746 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. | |||||
CVE-2021-26723 | 1 Jenzabar | 1 Jenzabar | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. | |||||
CVE-2021-26722 | 1 Linkedin | 1 Oncall | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar. | |||||
CVE-2021-26716 | 1 Openenergymonitor | 1 Emoncms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter. | |||||
CVE-2021-26710 | 1 Redwood | 1 Report2web | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter. | |||||
CVE-2021-26702 | 1 Eprints | 1 Eprints | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI. | |||||
CVE-2021-26698 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. | |||||
CVE-2021-26682 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the portal. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the guest portal interface. | |||||
CVE-2021-26678 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. | |||||
CVE-2021-26636 | 2 Linux, Maxb | 2 Linux Kernel, Maxboard | 2024-11-21 | 6.8 MEDIUM | 8.8 HIGH |
Stored XSS and SQL injection vulnerability in MaxBoard could lead to Remote Code Execution, which could lead to information exposure and privilege escalation. | |||||
CVE-2021-26628 | 2 Linux, Maxb | 2 Linux Kernel, Maxboard | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
Insufficient script validation of the admin page enables XSS, which allows unauthorized users to steal admin privileges. When uploading a file in a specific menu, the verification of the file is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files. | |||||
CVE-2021-26596 | 1 Nokia | 1 Netact | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
An issue was discovered in Nokia NetAct 18A. A malicious user can change a filename of an uploaded file to include JavaScript code, which is then stored and executed by a victim's web browser. The most common mechanism for delivering malicious content is to include it as a parameter in a URL that is posted publicly or e-mailed directly to victims. Here, the /netact/sct filename parameter is used. | |||||
CVE-2021-26587 | 1 Hpe | 12 Storeonce 3620, Storeonce 3620 Firmware, Storeonce 3640 and 9 more | 2024-11-21 | 6.0 MEDIUM | 6.5 MEDIUM |
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software update - HPE StoreOnce 4.3.0, to resolve the vulnerability in HPE StoreOnce. | |||||
CVE-2021-26584 | 1 Hp | 1 Oneview For Vmware Vcenter | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A security vulnerability in HPE OneView for VMware vCenter (OV4VC) could be exploited remotely to allow Cross-Site Scripting. HPE has released the following software update to resolve the vulnerability in HPE OneView for VMware vCenter (OV4VC). | |||||
CVE-2021-26582 | 3 Hp, Microsoft, Redhat | 4 Hp-ux, Icewall Sso Dgfw, Windows and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
A security vulnerability in HPE IceWall SSO Domain Gateway Option (Dgfw) module version 10.0 on RHEL 5/6/7, version 10.0 on HP-UX 11i v3, version 10.0 on Windows and 11.0 on Windows could be exploited remotely to allow cross-site scripting (XSS). |