Total
37677 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-23922 | 1 Devolutions | 1 Remote Desktop Manager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews. | |||||
| CVE-2021-23889 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 3.5 LOW | 3.5 LOW |
| Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. | |||||
| CVE-2021-23881 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy. | |||||
| CVE-2021-23863 | 1 Bosch | 1 Video Security | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3. or earlier, when successfully exploited allows an attacker to inject random HTML code into a component loaded by WebView, thus allowing the Application to display web resources controlled by the attacker. | |||||
| CVE-2021-23860 | 1 Bosch | 4 Bosch Video Management System, Divar Ip 5000 Firmware, Divar Ip 7000 Firmware and 1 more | 2024-11-21 | 4.3 MEDIUM | 5.0 MEDIUM |
| An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed. | |||||
| CVE-2021-23856 | 1 Bosch | 4 Rexroth Indramotion Mlc L20, Rexroth Indramotion Mlc L20 Firmware, Rexroth Indramotion Mlc L40 and 1 more | 2024-11-21 | 4.3 MEDIUM | 10.0 CRITICAL |
| The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. | |||||
| CVE-2021-23854 | 1 Bosch | 8 Cpp13, Cpp13 Firmware, Cpp6 and 5 more | 2024-11-21 | 4.3 MEDIUM | 8.3 HIGH |
| An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected. | |||||
| CVE-2021-23848 | 1 Bosch | 10 Cpp13, Cpp13 Firmware, Cpp4 and 7 more | 2024-11-21 | 4.3 MEDIUM | 8.3 HIGH |
| An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user. | |||||
| CVE-2021-23838 | 1 Flatcore | 1 Flatcore | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in flatCore before 2.0.0 build 139. A reflected XSS vulnerability was identified in the media_filter HTTP request body parameter for the acp interface. The affected parameter accepts malicious client-side script without proper input sanitization. For example, a malicious user can leverage this vulnerability to steal cookies from a victim user and perform a session-hijacking attack, which may then lead to unauthorized access to the site. | |||||
| CVE-2021-23836 | 1 Flatcore | 1 Flatcore | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected parameter without any form of input sanitization. The injected payload will be executed in the browser of a user whenever one visits the affected module page. | |||||
| CVE-2021-23824 | 1 Crowcpp | 1 Crow | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the value entered into the template. If the template is used to render user-generated content, this vulnerability may escalate to a persistent XSS vulnerability. | |||||
| CVE-2021-23784 | 1 Tempura Project | 1 Tempura | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| This affects the package tempura before 0.4.0. If the input to the esc function is of type object (i.e an array) it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability. | |||||
| CVE-2021-23673 | 1 Pekeupload Project | 1 Pekeupload | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed. | |||||
| CVE-2021-23648 | 2 Fedoraproject, Paypal | 2 Fedora, Braintree\/sanitize-url | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function. | |||||
| CVE-2021-23445 | 1 Datatables | 1 Datatables.net | 2024-11-21 | 4.3 MEDIUM | 3.1 LOW |
| This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped. | |||||
| CVE-2021-23439 | 1 Johndatserakis | 1 File-upload-with-preview | 2024-11-21 | 4.3 MEDIUM | 4.2 MEDIUM |
| This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file). | |||||
| CVE-2021-23416 | 1 Curly-bracket-parser Project | 1 Curly-bracket-parser | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input. | |||||
| CVE-2021-23414 | 2 Fedoraproject, Videojs | 2 Fedora, Video.js | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code. | |||||
| CVE-2021-23411 | 1 Anchorme Project | 1 Anchorme | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output (an anchor a tag) containing undesirable Javascript code that can be executed upon user interaction. | |||||
| CVE-2021-23398 | 1 React-bootstrap-table Project | 1 React-bootstrap-table | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output. | |||||