Total: 41417 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37634 | 1 Vapor | 1 Leafkit | 2024-11-21 | 7.4 High |
| Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-site Scripting (XSS) attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an attacker managed to find a variable that was rendered with their unsanitised data, they could inject scripts into a generated Leaf page, which could enable XSS attacks if other mitigations such as a Content Security Policy were not enabled. This has been patched in 1.3.0. As a workaround, sanitize any untrusted input before passing it to Leaf and enable a CSP to block inline script and CSS data. | ||||
| CVE-2021-37633 | 1 Discourse | 1 Discourse | 2024-11-21 | 7.4 High |
| Discourse is an open source discussion platform. In versions prior to 2.7.8, rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. This issue is patched in the latest `stable` 2.7.8 version of Discourse. As a workaround, users may ensure that the Content Security Policy is enabled, and has not been modified in a way which would make it more vulnerable to XSS attacks. | ||||
| CVE-2021-37596 | 1 Telegram | 1 Web K Alpha | 2024-11-21 | 6.1 Medium |
| Telegram Web K Alpha 0.6.1 allows XSS via a document name. | ||||
| CVE-2021-37573 | 1 Tiny Java Web Server Project | 1 Tiny Java Web Server | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the web server Tiny Java Web Server and Servlet Container (TJWS) <=1.115 allows an adversary to inject malicious code on the server's "404 Page not Found" error page. | ||||
| CVE-2021-37552 | 1 Jetbrains | 1 Youtrack | 2024-11-21 | 5.4 Medium |
| In JetBrains YouTrack before 2021.2.17925, stored XSS was possible. | ||||
| CVE-2021-37542 | 1 Jetbrains | 1 Teamcity | 2024-11-21 | 6.1 Medium |
| In JetBrains TeamCity before 2020.2.3, XSS was possible. | ||||
| CVE-2021-37534 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| app/View/GalaxyClusters/add.ctp in MISP 2.4.146 allows Stored XSS when forking a galaxy cluster. | ||||
| CVE-2021-37524 | 1 Fusionpbx | 1 Fusionpbx | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in FusionPBX 4.5.26 allows remote unauthenticated users to inject arbitrary web script or HTML via an unsanitized "path" parameter in resources/login.php. | ||||
| CVE-2021-37504 | 1 Hayageek | 1 Jquery Upload File | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the fileNameStr parameter of jQuery-Upload-File v4.0.11 allows attackers to execute arbitrary web scripts or HTML via a crafted file with a JavaScript payload in the file name. | ||||
| CVE-2021-37470 | 1 Nchsoftware | 1 Webdictate | 2024-11-21 | 5.4 Medium |
| In NCH WebDictate v2.13, persistent Cross Site Scripting (XSS) exists in the Recipient Name field. An authenticated user can add or modify the affected field to inject arbitrary JavaScript. | ||||
| CVE-2021-37467 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 5.4 Medium |
| In NCH Quorum v2.03 and earlier, XSS exists via /conferencebrowseuploadfile?confid= (reflected). | ||||
| CVE-2021-37466 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 5.4 Medium |
| In NCH Quorum v2.03 and earlier, XSS exists via /conference?id= (reflected). | ||||
| CVE-2021-37465 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 5.4 Medium |
| In NCH Quorum v2.03 and earlier, XSS exists via /uploaddoc?id= (reflected). | ||||
| CVE-2021-37464 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 5.4 Medium |
| In NCH Quorum v2.03 and earlier, XSS exists via Conference Description (stored). | ||||
| CVE-2021-37463 | 1 Nchsoftware | 1 Quorum | 2024-11-21 | 5.4 Medium |
| In NCH Quorum v2.03 and earlier, XSS exists via User Display Name (stored). | ||||
| CVE-2021-37462 | 1 Nchsoftware | 1 Axon Pbx | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /ipblacklist?errorip= (reflected). | ||||
| CVE-2021-37461 | 1 Nchsoftware | 1 Axon Pbx | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /extensionsinstruction?id= (reflected). | ||||
| CVE-2021-37460 | 1 Nchsoftware | 1 Axon Pbx | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via /planprop?id= (reflected). | ||||
| CVE-2021-37459 | 1 Nchsoftware | 1 Axon Pbx | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the customer name field (stored). | ||||
| CVE-2021-37458 | 1 Nchsoftware | 1 Axon Pbx | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the primary phone field (stored). | ||||