Total: 39597 CVE

| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-45416 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. | |||||
| CVE-2021-45380 | 1 Appcms | 1 Appcms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_head.php | |||||
| CVE-2021-45357 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php. | |||||
| CVE-2021-45329 | 1 Gitea | 1 Gitea | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field. | |||||
| CVE-2021-45281 | 1 Quickbox | 1 Quickbox | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user supplied input for the value of this parameter is not properly sanitized. | |||||
| CVE-2021-45229 | 1 Apache | 1 Airflow | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. | |||||
| CVE-2021-45228 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user. | |||||
| CVE-2021-45227 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack. | |||||
| CVE-2021-45225 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links (affecting the search window and activity view window). | |||||
| CVE-2021-45224 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious URLs. | |||||
| CVE-2021-45094 | 1 Okta | 1 Imprivata Privileged Access Management | 2024-11-21 | N/A | 5.4 MEDIUM |
| Imprivata Privileged Access Management (formerly Xton Privileged Access Management) 2.3.202112051108 allows XSS. | |||||
| CVE-2021-45088 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. | |||||
| CVE-2021-45087 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a page title. | |||||
| CVE-2021-45086 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. | |||||
| CVE-2021-45085 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list. | |||||
| CVE-2021-45071 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-site scripting (XSS) issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names. | |||||
| CVE-2021-45026 | 1 Rocketsoftware | 1 Ags-zena | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS). | |||||
| CVE-2021-45018 | 1 Catfish-cms | 1 Catfish Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Catfish <=6.3.0 via a Google search in url:/catfishcms/index.php/admin/Index/addmenu.html and then the .html file on the website that uses this editor (the file suffix is allowed). | |||||
| CVE-2021-44970 | 1 1234n | 1 Minicms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| MiniCMS v1.11 was discovered to contain a cross-site scripting (XSS) vulnerability via /mc-admin/page-edit.php. | |||||
| CVE-2021-44969 | 1 Taogogo | 1 Taocms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Taocms v3.0.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Management Column component. | |||||
