Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-41542 | 1 Siemens | 2 Climatix Pol909, Climatix Pol909 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The User Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. | |||||
| CVE-2021-41541 | 1 Siemens | 2 Climatix Pol909, Climatix Pol909 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability has been identified in Climatix POL909 (AWB module) (All versions < V11.44), Climatix POL909 (AWM module) (All versions < V11.36). The Group Management page of affected devices is vulnerable to cross-site scripting (XSS). The vulnerability allows an attacker to send malicious JavaScript code which could result in hijacking of the user's cookie/session tokens, redirecting the user to a malicious webpage and performing unintended browser action. | |||||
| CVE-2021-41502 | 1 Intelliants | 1 Subrion Cms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in Subrion CMS v4.2.1 There is a stored cross-site scripting (XSS) vulnerability that can execute malicious JavaScript code by modifying the name of the uploaded image, closing the html tag, or adding the onerror attribute. | |||||
| CVE-2021-41467 | 1 Justwriting Project | 1 Justwriting | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge parameter. | |||||
| CVE-2021-41465 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. | |||||
| CVE-2021-41464 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. | |||||
| CVE-2021-41463 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter. | |||||
| CVE-2021-41462 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID parameter. | |||||
| CVE-2021-41461 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter. | |||||
| CVE-2021-41445 | 1 Dlink | 2 Dir-x1860, Dir-x1860 Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific URL to the unauthenticated victim. | |||||
| CVE-2021-41432 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content. | |||||
| CVE-2021-41427 | 1 Beeline | 2 Smart Box, Smart Box Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi. | |||||
| CVE-2021-41421 | 1 Maianmedia | 1 Maianaffiliate | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel. | |||||
| CVE-2021-41420 | 1 Maianmedia | 1 Maianaffiliate | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker for arbitrary JavaScript code execution in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel. | |||||
| CVE-2021-41415 | 1 Subscription-manager Project | 1 Subscription-manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vulnerability in the machineDetail parameter. | |||||
| CVE-2021-41391 | 1 Ericsson | 1 Enterprise Content Management | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover. | |||||
| CVE-2021-41372 | 1 Microsoft | 1 Power Bi Report Server | 2024-11-21 | 6.8 MEDIUM | 7.6 HIGH |
| A Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exists when Power BI Report Server Template file (pbix) containing HTML files is uploaded to the server and HTML files are accessed directly by the victim. Combining these 2 vulnerabilities together, an attacker is able to upload malicious Power BI templates files to the server using the victim's session and run scripts in the security context of the user and perform privilege escalation in case the victim has admin privileges when the victim access one of the HTML files present in the malicious Power BI template uploaded. The security update addresses the vulnerability by helping to ensure that Power BI Report Server properly sanitize file uploads. | |||||
| CVE-2021-41354 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | |||||
| CVE-2021-41318 | 1 Progress | 1 Whatsupgold | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input. which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser. | |||||
| CVE-2021-41310 | 1 Atlassian | 1 Jira Software Data Center | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature (/secure/admin/AssociatedProjectsForCustomField.jspa). The affected versions are before version 8.5.19, from version 8.6.0 before 8.13.11, and from version 8.14.0 before 8.19.1. | |||||