Total
37614 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-20103 | 1 Machform | 1 Machform | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Machform prior to version 16 is vulnerable to stored cross-site scripting due to insufficient sanitization of file attachments uploaded with forms through upload.php. | |||||
| CVE-2021-20080 | 1 Zohocorp | 1 Manageengine Servicedesk Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Insufficient output sanitization in ManageEngine ServiceDesk Plus before version 11200 and ManageEngine AssetExplorer before version 6800 allows a remote, unauthenticated attacker to conduct persistent cross-site scripting (XSS) attacks by uploading a crafted XML asset file. | |||||
| CVE-2021-20071 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the sms.php dialogs. | |||||
| CVE-2021-20070 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scriptings attacks via the virtualization.php dialogs. | |||||
| CVE-2021-20069 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs. | |||||
| CVE-2021-20068 | 1 Racom | 2 M\!dge, M\!dge Firmware | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages. | |||||
| CVE-2021-1826 | 1 Apple | 5 Ipados, Iphone Os, Macos and 2 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing maliciously crafted web content may lead to universal cross site scripting. | |||||
| CVE-2021-1825 | 1 Apple | 8 Icloud, Ipados, Iphone Os and 5 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. | |||||
| CVE-2021-1724 | 1 Microsoft | 2 Dynamics 365 Business Central, Dynamics Nav | 2024-11-21 | 2.3 LOW | 6.1 MEDIUM |
| Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | |||||
| CVE-2021-1607 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials. | |||||
| CVE-2021-1606 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials. | |||||
| CVE-2021-1605 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials. | |||||
| CVE-2021-1604 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials. | |||||
| CVE-2021-1603 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user. These vulnerabilities exist because the web-based management interface does not sufficiently validate user-supplied input. An attacker could exploit these vulnerabilities by injecting malicious code into specific pages of the interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. To exploit these vulnerabilities, the attacker would need valid administrative credentials. | |||||
| CVE-2021-1599 | 1 Cisco | 1 Unified Customer Voice Portal | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Unified Customer Voice Portal (CVP) could allow an authenticated, remote attacker to perform a cross-site scripting (XSS) attack against a user. This vulnerability is due to insufficient input validation of a parameter that is used by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a malicious link. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface, access sensitive, browser-based information, or cause an affected device to reboot under certain conditions. | |||||
| CVE-2021-1582 | 1 Cisco | 2 Application Policy Infrastructure Controller, Cloud Application Policy Infrastructure Controller | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web UI of Cisco Application Policy Infrastructure Controller (APIC) or Cisco Cloud APIC could allow an authenticated, remote attacker to perform a stored cross-site scripting attack on an affected system. This vulnerability is due to improper input validation in the web UI. An authenticated attacker could exploit this vulnerability by sending malicious input to the web UI. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or access sensitive, browser-based information. | |||||
| CVE-2021-1575 | 1 Cisco | 1 Virtualized Voice Browser | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Virtualized Voice Browser could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by persuading a user of an affected interface to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
| CVE-2021-1571 | 1 Cisco | 18 Sf220-24, Sf220-24 Firmware, Sf220-24p and 15 more | 2024-11-21 | 4.3 MEDIUM | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1543 | 1 Cisco | 18 Sf220-24, Sf220-24 Firmware, Sf220-24p and 15 more | 2024-11-21 | 4.3 MEDIUM | 7.2 HIGH |
| Multiple vulnerabilities in the web-based management interface of Cisco Small Business 220 Series Smart Switches could allow an attacker to do the following: Hijack a user session Execute arbitrary commands as a root user on the underlying operating system Conduct a cross-site scripting (XSS) attack Conduct an HTML injection attack For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1507 | 1 Cisco | 1 Sd-wan Vmanage | 2024-11-21 | 3.5 LOW | 6.4 MEDIUM |
| A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the application web-based interface. This vulnerability exists because the API does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending malicious input to the API. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or access sensitive, browser-based information. | |||||