Total
41416 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-33829 | 4 Ckeditor, Debian, Drupal and 1 more | 4 Ckeditor, Debian Linux, Drupal and 1 more | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in the HTML Data Processor in CKEditor 4 4.14.0 through 4.16.x before 4.16.1 allows remote attackers to inject executable JavaScript code through a crafted comment because --!> is mishandled. | ||||
| CVE-2021-33710 | 1 Siemens | 1 Teamcenter Active Workspace | 2024-11-21 | 6.1 Medium |
| A vulnerability has been identified in Teamcenter Active Workspace V4 (All versions < V4.3.9), Teamcenter Active Workspace V5.0 (All versions < V5.0.7), Teamcenter Active Workspace V5.1 (All versions < V5.1.4). A reflected cross-site scripting (XSS) vulnerability exists in the web interface of the affected devices that could allow an attacker to execute malicious JavaScript code by tricking users into accessing a malicious link. | ||||
| CVE-2021-33703 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 6.1 Medium |
| Under certain conditions, NetWeaver Enterprise Portal, versions - 7.30, 7.31, 7.40, 7.50, does not sufficiently encode URL parameters. An attacker can craft a malicious link and send it to a victim. A successful attack results in Reflected Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2021-33702 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 6.1 Medium |
| Under certain conditions, NetWeaver Enterprise Portal, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode report data. An attacker can craft malicious data and print it to the report. In a successful attack, a victim opens the report, and the malicious script gets executed in the victim's browser, resulting in a Stored Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2021-33696 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 5.4 Medium |
| SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify displayed content from a Web site. | ||||
| CVE-2021-33694 | 1 Sap | 1 Cloud Connector | 2024-11-21 | 4.8 Medium |
| SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting. | ||||
| CVE-2021-33691 | 1 Sap | 1 Netweaver Development Infrastructure | 2024-11-21 | 6.1 Medium |
| NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.SAP NetWeaver Development Infrastructure Notification Service allows a threat actor to send crafted scripts to a victim. If the victim has an active session when the crafted script gets executed, the threat actor could compromise information in victims session, and gain access to some sensitive information also. | ||||
| CVE-2021-33682 | 1 Sap | 1 Lumira Server | 2024-11-21 | 5.4 Medium |
| SAP Lumira Server version 2.4 does not sufficiently encode user controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with basic level privileges to store a malicious script on SAP Lumira Server. The execution of the script content, by a victim registered on SAP Lumira Server, could compromise the confidentiality and integrity of SAP Lumira content. | ||||
| CVE-2021-33679 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.4 Medium |
| The SAP BusinessObjects BI Platform version - 420 allows an attacker, who has basic access to the application, to inject a malicious script while creating a new module document, file, or folder. When another user visits that page, the stored malicious script will execute in their session, hence allowing the attacker to compromise their confidentiality and integrity. | ||||
| CVE-2021-33675 | 1 Sap | 1 Contact Center | 2024-11-21 | 6.1 Medium |
| Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability through phishing and to execute arbitrary code on the victim's browser. | ||||
| CVE-2021-33674 | 1 Sap | 1 Contact Center | 2024-11-21 | 6.1 Medium |
| Under certain conditions, SAP Contact Center - version 700, does not sufficiently encode user-controlled inputs. This allows an attacker to exploit a Reflected Cross-Site Scripting (XSS) vulnerability when creating a new email and to execute arbitrary code on the victim's browser. | ||||
| CVE-2021-33673 | 1 Sap | 1 Contact Center | 2024-11-21 | 6.1 Medium |
| Under certain conditions, SAP Contact Center - version 700,does not sufficiently encode user-controlled inputs and persists in them. This allows an attacker to exploit a Stored Cross-Site Scripting (XSS) vulnerability when a user browses through the employee directory and to execute arbitrary code on the victim's browser. Due to the usage of ActiveX in the application, the attacker can further execute operating system level commands. | ||||
| CVE-2021-33666 | 1 Sap | 1 Commerce Cloud | 2024-11-21 | 6.1 Medium |
| When SAP Commerce Cloud version 100, hosts a JavaScript storefront, it is vulnerable to MIME sniffing, which, in certain circumstances, could be used to facilitate an XSS attack or malware proliferation. | ||||
| CVE-2021-33665 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 5.4 Medium |
| SAP NetWeaver Application Server ABAP (Applications based on SAP GUI for HTML), versions - KRNL64NUC - 7.49, KRNL64UC - 7.49,7.53, KERNEL - 7.49,7.53,7.77,7.81,7.84, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2021-33664 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 5.4 Medium |
| SAP NetWeaver Application Server ABAP (Applications based on Web Dynpro ABAP), versions - SAP_UI - 750,752,753,754,755, SAP_BASIS - 702, 731 does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2021-33618 | 1 Dolibarr | 1 Dolibarr Erp\/crm | 2024-11-21 | 6.1 Medium |
| Dolibarr ERP and CRM 13.0.2 allows XSS via object details, as demonstrated by > and < characters in the onpointermove attribute of a BODY element to the user-management feature. | ||||
| CVE-2021-33616 | 1 Rsa | 1 Archer | 2024-11-21 | 5.4 Medium |
| RSA Archer 6.x through 6.9 SP1 P4 (6.9.1.4) allows stored XSS. | ||||
| CVE-2021-33611 | 1 Vaadin | 2 Vaadin, Vaadin-menu-bar | 2024-11-21 | 6.1 Medium |
| Missing output sanitization in test sources in org.webjars.bowergithub.vaadin:vaadin-menu-bar versions 1.0.0 through 1.2.0 (Vaadin 14.0.0 through 14.4.4) allows remote attackers to execute malicious JavaScript in browser by opening crafted URL | ||||
| CVE-2021-33570 | 1 Postbird Project | 1 Postbird | 2024-11-21 | 5.4 Medium |
| Postbird 0.8.4 allows stored XSS via the onerror attribute of an IMG element in any PostgreSQL database table. This can result in reading local files via vectors involving XMLHttpRequest and open of a file:/// URL, or discovering PostgreSQL passwords via vectors involving Window.localStorage and savedConnections. | ||||
| CVE-2021-33562 | 1 Shopizer | 1 Shopizer | 2024-11-21 | 4.8 Medium |
| A reflected cross-site scripting (XSS) vulnerability in Shopizer before 2.17.0 allows remote attackers to inject arbitrary web script or HTML via the ref parameter to a page about an arbitrary product, e.g., a product/insert-product-name-here.html/ref= URL. | ||||