Total: 41416 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-35478 | 1 Nagios | 1 Log Server | 2024-11-21 | 5.4 Medium |
| Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page. | ||||
| CVE-2021-35475 | 1 Sas | 1 Environment Manager | 2024-11-21 | 5.4 Medium |
| SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties. | ||||
| CVE-2021-35463 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter. | ||||
| CVE-2021-35451 | 1 Teradici | 1 Pcoip Management Console | 2024-11-21 | 6.1 Medium |
| In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into a user's browser via the web application. | ||||
| CVE-2021-35440 | 1 Smashing Project | 1 Smashing | 2024-11-21 | 6.1 Medium |
| Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment (e.g. if re-using internal URLs for deploying, or cookies that are very permissive). Private information may be retrieved by the attacker. | ||||
| CVE-2021-35438 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 6.1 Medium |
| phpIPAM 1.4.3 allows Reflected XSS via app/dashboard/widgets/ipcalc-result.php and app/tools/ip-calculator/result.php of the IP calculator. | ||||
| CVE-2021-35415 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields. | ||||
| CVE-2021-35361 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 4.8 Medium |
| A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. | ||||
| CVE-2021-35360 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 4.8 Medium |
| A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. | ||||
| CVE-2021-35358 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 4.8 Medium |
| A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters. | ||||
| CVE-2021-35323 | 1 Bludit | 1 Bludit | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login. | ||||
| CVE-2021-35303 | 1 Zammad | 1 Zammad | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute. | ||||
| CVE-2021-35298 | 1 Zammad | 1 Zammad | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information. | ||||
| CVE-2021-35265 | 1 Maxsite | 1 Maxsite Cms | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page. | ||||
| CVE-2021-35240 | 2 Microsoft, Solarwinds | 2 Internet Explorer, Orion Platform | 2024-11-21 | 6.5 Medium |
| A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because it does not support 'rel=noopener'. | ||||
| CVE-2021-35239 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 7.5 High |
| A security researcher found that a user with Orion map manage rights could store XSS through a text box hyperlink. | ||||
| CVE-2021-35238 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 4.8 Medium |
| A user with Orion Platform Admin Rights could store XSS through a URL POST parameter in the CreateExternalWebsite website. | ||||
| CVE-2021-35229 | 1 Solarwinds | 2 Database Performance Analyzer, Database Performance Monitor | 2024-11-21 | 6.8 Medium |
| A cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query. | ||||
| CVE-2021-35228 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-11-21 | 5.5 Medium |
| This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on a specific section of the page, causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change the header for a remote victim. | ||||
| CVE-2021-35227 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 4.7 Medium |
| The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available. | ||||