Total: 37635 CVE

CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-21799 | 1 Advantech | 1 R-seenet | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability. | |||||
CVE-2021-21747 | 1 Zte | 2 Mf971r, Mf971r Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information. | |||||
CVE-2021-21746 | 1 Zte | 2 Mf971r, Mf971r Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information. | |||||
CVE-2021-21738 | 1 Zte | 2 Zxiptv, Zxiptv Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with the parameters, to affect the operations of valid users. This affects: <ZXIPTV><ZXIPTV-EAS_PV5.06.04.09> | |||||
CVE-2021-21700 | 1 Jenkins | 1 Scriptler | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to create Scriptler scripts. | |||||
CVE-2021-21699 | 1 Jenkins | 1 Active Choices | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
CVE-2021-21668 | 1 Jenkins | 1 Scriptler | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. | |||||
CVE-2021-21667 | 1 Jenkins | 1 Scriptler | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission. | |||||
CVE-2021-21666 | 1 Jenkins | 1 Kiuwan | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
CVE-2021-21660 | 1 Jenkins | 1 Markdown Formatter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter. | |||||
CVE-2021-21649 | 1 Jenkins | 1 Dashboard View | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | |||||
CVE-2021-21648 | 1 Jenkins | 1 Credentials | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
CVE-2021-21635 | 1 Jenkins | 1 Rest List Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
CVE-2021-21630 | 1 Jenkins | 1 Extra Columns | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
CVE-2021-21628 | 1 Jenkins | 1 Build With Parameters | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
CVE-2021-21622 | 1 Jenkins | 1 Artifact Repository Parameter | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
CVE-2021-21619 | 1 Jenkins | 1 Claim | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins. | |||||
CVE-2021-21618 | 1 Jenkins | 1 Repository Connector | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | |||||
CVE-2021-21616 | 1 Jenkins | 1 Active Choices | 2024-11-21 | 3.5 LOW | 4.6 MEDIUM |
Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | |||||
CVE-2021-21613 | 1 Jenkins | 1 Tics | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content. |