Total
39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36821 | 1 Incsub | 1 Forminator | 2024-11-21 | N/A | 7.1 HIGH |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Stored XSS.This issue affects Forminator: from n/a through 1.14.11. | |||||
| CVE-2021-36806 | 1 Sophos | 1 Email Appliance | 2024-11-21 | N/A | 4.7 MEDIUM |
| A reflected XSS vulnerability allows an open redirect when the victim clicks a malicious link to an error page on Sophos Email Appliance older than version 4.5.3.4. | |||||
| CVE-2021-36805 | 1 Akaunting | 1 Akaunting | 2024-11-21 | 3.5 LOW | 5.2 MEDIUM |
| Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales invoice processing component of the application. This issue was fixed in version 2.1.13 of the product. | |||||
| CVE-2021-36803 | 1 Akaunting | 1 Akaunting | 2024-11-21 | 3.5 LOW | 6.3 MEDIUM |
| Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of the product. | |||||
| CVE-2021-36790 | 1 Dated News Project | 1 Dated News | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS. | |||||
| CVE-2021-36788 | 1 Yoast | 1 Yoast Seo | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS. | |||||
| CVE-2021-36787 | 1 In2code | 1 Femanager | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document. | |||||
| CVE-2021-36785 | 1 Miniorange | 1 Saml | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS. | |||||
| CVE-2021-36772 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. | |||||
| CVE-2021-36771 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine ADManager Plus before 7110 allows reflected XSS. | |||||
| CVE-2021-36760 | 1 Wso2 | 4 Api Manager, Identity Server, Identity Server As Key Manager and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In accountrecoveryendpoint/recoverpassword.do in WSO2 Identity Server 5.7.0, it is possible to perform a DOM-Based XSS attack affecting the callback parameter modifying the URL that precedes the callback parameter. Once the username or password reset procedure is completed, the JavaScript code will be executed. (recoverpassword.do also has an open redirect issue for a similar reason.) | |||||
| CVE-2021-36755 | 1 Cgm-remote-monitor Project | 1 Cgm-remote-monitor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via a crafted X-Forwarded-For header. | |||||
| CVE-2021-36747 | 1 Blackboard | 1 Blackboard Learn | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form. | |||||
| CVE-2021-36746 | 1 Blackboard | 1 Blackboard Learn | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor. | |||||
| CVE-2021-36738 | 1 Apache | 1 Pluto | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact | |||||
| CVE-2021-36737 | 1 Apache | 1 Pluto | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact | |||||
| CVE-2021-36720 | 1 Pineapp | 1 Mail Secure | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=<script>alert(1)</script> and stealing cookies . | |||||
| CVE-2021-36703 | 1 Htmly | 1 Htmly | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website name. | |||||
| CVE-2021-36702 | 1 Htmly | 1 Htmly | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through special content. | |||||
| CVE-2021-36698 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name. | |||||