Total: 39597 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-36176 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple uncontrolled resource consumption vulnerabilities in the web interface of FortiPortal before 6.0.6 may allow a single low-privileged user to induce a denial of service via multiple HTTP requests. | |||||
| CVE-2021-36175 | 1 Fortinet | 1 Fortiweb | 2024-11-21 | 3.5 LOW | 4.1 MEDIUM |
| An improper neutralization of input vulnerability [CWE-79] in FortiWebManager versions 6.2.3 and below, 6.0.2 and below may allow a remote authenticated attacker to inject malicious script/tags via the name/description/comments parameter of various sections of the device. | |||||
| CVE-2021-36150 | 1 Silverstripe | 1 Silverstripe | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SilverStripe Framework through 4.8.1 allows XSS. | |||||
| CVE-2021-36131 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in the SportsTeams extension in MediaWiki through 1.36. Within several special pages, a privileged user could inject arbitrary HTML and JavaScript within various data fields. The attack could easily propagate across many pages for many users. | |||||
| CVE-2021-36130 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| An XSS issue was discovered in the SocialProfile extension in MediaWiki through 1.36. Within several gift-related special pages, a privileged user with the awardmanage right could inject arbitrary HTML and JavaScript within various gift-related data fields. The attack could easily propagate across many pages for many users. | |||||
| CVE-2021-36094 | 1 Otrs | 1 Otrs | 2024-11-21 | 3.5 LOW | 5.7 MEDIUM |
| It's possible to craft a request for appointment edit screen, which could lead to the XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions. | |||||
| CVE-2021-36092 | 1 Otrs | 1 Otrs | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| It's possible to create an email which contains specially crafted link and it can be used to perform XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition:6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions. | |||||
| CVE-2021-36063 | 1 Adobe | 1 Connect | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2021-36062 | 1 Adobe | 1 Connect | 2024-11-21 | 4.3 MEDIUM | 5.4 MEDIUM |
| Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | |||||
| CVE-2021-36027 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2021-36026 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 4.3 MEDIUM | 6.5 MEDIUM |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | |||||
| CVE-2021-35976 | 1 Plesk | 1 Obsidian | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim's browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability. | |||||
| CVE-2021-35959 | 1 Plone | 1 Plone | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field. | |||||
| CVE-2021-35956 | 1 Akcp | 10 Sensorprobe2, Sensorprobe2 Firmware, Sensorprobe4 and 7 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields. | |||||
| CVE-2021-35955 | 1 Contao | 1 Contao | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7. | |||||
| CVE-2021-35513 | 1 Mermaid Project | 1 Mermaid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Mermaid before 8.11.0 allows XSS when the antiscript feature is used. | |||||
| CVE-2021-35506 | 1 Afian | 1 Filerun | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action. | |||||
| CVE-2021-35503 | 1 Afian | 1 Filerun | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs. | |||||
| CVE-2021-35501 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed. | |||||
| CVE-2021-35499 | 1 Tibco | 1 Nimbus | 2024-11-21 | 3.5 LOW | 8.0 HIGH |
| The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.4.0 and below. | |||||
