Total
37793 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26032 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! 3.0.0 through 3.9.26. HTML was missing in the executable block list of MediaHelper::canUpload, leading to XSS attack vectors. | |||||
| CVE-2021-26030 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! 3.0.0 through 3.9.25. Inadequate escaping allowed XSS attacks using the logo parameter of the default templates on error page | |||||
| CVE-2021-26023 | 1 Nagios | 2 Favorites, Nagios Xi | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS. | |||||
| CVE-2021-25993 | 1 Requarks | 1 Wiki.js | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while uploading assets in the page. That will send the JWT tokens to the attacker’s server and will lead to account takeover when accessed by the victim. | |||||
| CVE-2021-25990 | 1 If-me | 1 Ifme | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe. | |||||
| CVE-2021-25989 | 1 If-me | 1 Ifme | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for them. | |||||
| CVE-2021-25988 | 1 If-me | 1 Ifme | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin. | |||||
| CVE-2021-25987 | 1 Hexo | 1 Hexo | 2024-11-21 | 1.9 LOW | 5.0 MEDIUM |
| Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbitrary code. | |||||
| CVE-2021-25986 | 1 Django-wiki Project | 1 Django-wiki | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript. | |||||
| CVE-2021-25984 | 1 Darwin | 1 Factor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting (XSS) at the “post reply” section. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. | |||||
| CVE-2021-25983 | 1 Darwin | 1 Factor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “tags” and “category” parameters in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. | |||||
| CVE-2021-25982 | 1 Darwin | 1 Factor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “search” parameter in the URL. An unauthenticated attacker can execute malicious JavaScript code and steal the session cookies. | |||||
| CVE-2021-25978 | 1 Apostrophecms | 1 Apostrophecms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Apostrophe CMS versions between 2.63.0 to 3.3.1 are vulnerable to Stored XSS where an editor uploads an SVG file that contains malicious JavaScript onto the Images module, which triggers XSS once viewed. | |||||
| CVE-2021-25977 | 1 Dotnetfoundation | 1 Piranha Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In PiranhaCMS, versions 7.0.0 to 9.1.1 are vulnerable to stored XSS due to the page title improperly sanitized. By creating a page with a specially crafted page title, a low privileged user can trigger arbitrary JavaScript execution. | |||||
| CVE-2021-25975 | 1 Publify Project | 1 Publify | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uploaded html file. | |||||
| CVE-2021-25974 | 1 Publify Project | 1 Publify | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article. | |||||
| CVE-2021-25969 | 1 Tuzitio | 1 Camaleon Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Camaleon CMS application, versions 0.0.1 to 2.6.0 are vulnerable to stored XSS, that allows an unauthenticated attacker to store malicious scripts in the comments section of the post. These scripts are executed in a victim’s browser when they open the page containing the malicious comment. | |||||
| CVE-2021-25968 | 1 Alkacon | 1 Opencms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field. | |||||
| CVE-2021-25967 | 1 Okfn | 1 Ckan | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in their profile picture. These scripts are executed in a victim’s browser when they open the malicious profile picture | |||||
| CVE-2021-25964 | 1 Janeczku | 1 Calibre-web | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In “Calibre-web” application, v0.6.0 to v0.6.12, are vulnerable to Stored XSS in “Metadata”. An attacker that has access to edit the metadata information, can inject JavaScript payload in the description field. When a victim tries to open the file, XSS will be triggered. | |||||