Total: 41416 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36094 | 1 Otrs | 1 Otrs | 2024-11-21 | 5.7 Medium |
| It's possible to craft a request for the appointment edit screen, which could lead to an XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition 6.0.x version 6.0.1 and later versions. OTRS AG OTRS 7.0.x version 7.0.28 and prior versions. | ||||
| CVE-2021-36092 | 1 Otrs | 1 Otrs | 2024-11-21 | 6.5 Medium |
| It's possible to create an email which contains a specially crafted link, and it can be used to perform an XSS attack. This issue affects: OTRS AG ((OTRS)) Community Edition: 6.0.x version 6.0.1 and later versions. OTRS AG OTRS: 7.0.x version 7.0.27 and prior versions; 8.0.x version 8.0.14 and prior versions. | ||||
| CVE-2021-36063 | 1 Adobe | 1 Connect | 2024-11-21 | 5.4 Medium |
| Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2021-36062 | 1 Adobe | 1 Connect | 2024-11-21 | 5.4 Medium |
| Adobe Connect version 11.2.2 (and earlier) is affected by a Reflected Cross-site Scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2021-36027 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 6.5 Medium |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2021-36026 | 1 Adobe | 2 Adobe Commerce, Magento Open Source | 2024-11-21 | 6.5 Medium |
| Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by a stored cross-site scripting vulnerability in the customer address upload feature that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2021-35976 | 1 Plesk | 1 Obsidian | 2024-11-21 | 6.1 Medium |
| The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim's browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability. | ||||
| CVE-2021-35959 | 1 Plone | 1 Plone | 2024-11-21 | 5.4 Medium |
| In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field. | ||||
| CVE-2021-35956 | 1 Akcp | 10 Sensorprobe2, Sensorprobe2 Firmware, Sensorprobe4 and 7 more | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields. | ||||
| CVE-2021-35955 | 1 Contao | 1 Contao | 2024-11-21 | 4.8 Medium |
| Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7. | ||||
| CVE-2021-35513 | 1 Mermaid Project | 1 Mermaid | 2024-11-21 | 6.1 Medium |
| Mermaid before 8.11.0 allows XSS when the antiscript feature is used. | ||||
| CVE-2021-35506 | 1 Afian | 1 Filerun | 2024-11-21 | 6.1 Medium |
| Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action. | ||||
| CVE-2021-35503 | 1 Afian | 1 Filerun | 2024-11-21 | 6.1 Medium |
| Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs. | ||||
| CVE-2021-35501 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 5.4 Medium |
| PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed. | ||||
| CVE-2021-35499 | 1 Tibco | 1 Nimbus | 2024-11-21 | 8 High |
| The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.4.0 and below. | ||||
| CVE-2021-35493 | 1 Tibco | 3 Webfocus Client, Webfocus Installer, Webfocus Reporting Server | 2024-11-21 | 9 Critical |
| The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.'s TIBCO WebFOCUS Client, TIBCO WebFOCUS Installer, and TIBCO WebFOCUS Reporting Server contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO WebFOCUS Client: versions 8207.27.0 and below, TIBCO WebFOCUS Installer: versions 8207.27.0 and below, and TIBCO WebFOCUS Reporting Server: versions 8207.27.0 and below. | ||||
| CVE-2021-35490 | 1 Thruk | 1 Thruk | 2024-11-21 | 5.4 Medium |
| Thruk before 2.44 allows XSS for a quick command. | ||||
| CVE-2021-35489 | 1 Thruk | 1 Thruk | 2024-11-21 | 6.1 Medium |
| Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it. | ||||
| CVE-2021-35488 | 1 Thruk | 1 Thruk | 2024-11-21 | 6.1 Medium |
| Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it. | ||||
| CVE-2021-35479 | 1 Nagios | 1 Log Server | 2024-11-21 | 5.4 Medium |
| Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page. | ||||