Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43808 | 1 Laravel | 1 Framework | 2024-11-21 | 4.3 MEDIUM | 5.3 MEDIUM |
| Laravel is a web application framework. Laravel prior to versions 8.75.0, 7.30.6, and 6.20.42 contain a possible cross-site scripting (XSS) vulnerability in the Blade templating engine. A broken HTML element may be clicked and the user taken to another location in their browser due to XSS. This is due to the user being able to guess the parent placeholder SHA-1 hash by trying common names of sections. If the parent template contains an exploitable HTML structure an XSS vulnerability can be exposed. This vulnerability has been patched in versions 8.75.0, 7.30.6, and 6.20.42 by determining the parent placeholder at runtime and using a random hash that is unique to each request. | |||||
| CVE-2021-43787 | 1 Nodebb | 1 Nodebb | 2024-11-21 | 4.3 MEDIUM | 9.0 CRITICAL |
| Nodebb is an open source Node.js based forum software. In affected versions a prototype pollution vulnerability in the uploader module allowed a malicious user to inject arbitrary data (i.e. javascript) into the DOM, theoretically allowing for an account takeover when used in conjunction with a path traversal vulnerability disclosed at the same time as this report. The vulnerability has been patched as of v1.18.5. Users are advised to upgrade as soon as possible. | |||||
| CVE-2021-43785 | 1 Emoji Button Project | 1 Emoji Button | 2024-11-21 | 4.3 MEDIUM | 7.6 HIGH |
| @joeattardi/emoji-button is a Vanilla JavaScript emoji picker component. In affected versions there are two vectors for XSS attacks: a URL for a custom emoji, and an i18n string. In both of these cases, a value can be crafted such that it can insert a `script` tag into the page and execute malicious code. | |||||
| CVE-2021-43776 | 1 Linuxfoundation | 1 Auth Backend | 2024-11-21 | 4.3 MEDIUM | 7.4 HIGH |
| Backstage is an open platform for building developer portals. In affected versions the auth-backend plugin allows a malicious actor to trick another user into visiting a vulnerable URL that executes an XSS attack. This attack can potentially allow the attacker to exfiltrate access tokens or other secrets from the user's browser. The default CSP does prevent this attack, but it is expected that some deployments have these policies disabled due to incompatibilities. This is vulnerability is patched in version `0.4.9` of `@backstage/plugin-auth-backend`. | |||||
| CVE-2021-43765 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2021-43764 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 3.5 LOW | 8.0 HIGH |
| AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2021-43761 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 3.5 LOW | 8.0 HIGH |
| AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2021-43742 | 1 Cmsimple | 1 Cmsimple | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature. | |||||
| CVE-2021-43729 | 1 Pix-link | 2 Lv-wr09, Lv-wr09 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized Security Key parameter. | |||||
| CVE-2021-43728 | 1 Pix-link | 2 Lv-wr09, Lv-wr09 Firmware | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized SSID parameter. | |||||
| CVE-2021-43725 | 1 Spotweb Project | 1 Spotweb | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter. | |||||
| CVE-2021-43724 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file. | |||||
| CVE-2021-43721 | 1 Leanote | 1 Leanote | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : <video src=x onerror=(function(){require('child_process').exec('calc');})();> | |||||
| CVE-2021-43712 | 1 Employee Daily Task Management System Project | 1 Employee Daily Task Management System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field. | |||||
| CVE-2021-43707 | 1 Maccms | 1 Maccms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter. | |||||
| CVE-2021-43702 | 1 Asus | 186 4g-ac53u, 4g-ac53u Firmware, 4g-ac68u and 183 more | 2024-11-21 | 3.5 LOW | 9.0 CRITICAL |
| ASUS RT-A88U 3.0.0.4.386_45898 is vulnerable to Cross Site Scripting (XSS). The ASUS router admin panel does not sanitize the WiFI logs correctly, if an attacker was able to change the SSID of the router with a custom payload, they could achieve stored XSS on the device. | |||||
| CVE-2021-43698 | 1 Phpwhois Project | 1 Phpwhois | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| phpWhois (last update Jun 30 2021) is affected by a Cross Site Scripting (XSS) vulnerability. In file example.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET['query'] then there is a XSS vulnerability. | |||||
| CVE-2021-43697 | 1 Workerman-thinkphp-redis Project | 1 Workerman-thinkphp-redis | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Workerman-ThinkPHP-Redis (last update Mar 16, 2018) is affected by a Cross Site Scripting (XSS) vulnerability. In file Controller.class.php, the exit function will terminate the script and print the message to the user. The message will contain $_GET{C('VAR_JSONP_HANDLER')] then there is a XSS vulnerability. | |||||
| CVE-2021-43696 | 1 Twmap Project | 1 Twmap | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| twmap v2.91_v4.33 is affected by a Cross Site Scripting (XSS) vulnerability. In file list.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST then there is a XSS vulnerability. | |||||
| CVE-2021-43695 | 1 Issabel | 1 Pbx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| issabelPBX version 2.11 is affected by a Cross Site Scripting (XSS) vulnerability. In file page.backup_restore.php, the exit function will terminate the script and print the message to the user. The message will contain $_REQUEST without sanitization, then there is a XSS vulnerability. | |||||