Total: 41414 CVEs
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-30744 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2024-11-21 | 6.1 Medium |
| A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross-site scripting. | ||||
| CVE-2021-30689 | 2 Apple, Redhat | 8 Ipados, Iphone Os, Macos and 5 more | 2024-11-21 | 6.1 Medium |
| A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross-site scripting. | ||||
| CVE-2021-30650 | 1 Broadcom | 1 Layer7 Api Management Oauth Toolkit | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in the Symantec Layer7 API Management OAuth Toolkit (OTK) allows a remote attacker to craft a malicious URL for the OTK web UI and target OTK users with phishing attacks or other social engineering techniques. A successful attack allows injecting malicious code into the OTK web UI client application. | ||||
| CVE-2021-30637 | 1 Htmly | 1 Htmly | 2024-11-21 | 5.4 Medium |
| htmly 2.8.0 allows stored XSS via the blog title, Tagline, or Description to config.html.php. | ||||
| CVE-2021-30458 | 1 Wikimedia | 1 Parsoid | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Wikimedia Parsoid before 0.11.1 and 0.12.x before 0.12.2. An attacker can send crafted wikitext that Utils/WTUtils.php will transform by using a <meta> tag, bypassing sanitization steps, and potentially allowing for XSS. | ||||
| CVE-2021-30227 | 1 Emlog | 1 Emlog | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the article comments feature in emlog 6.0. | ||||
| CVE-2021-30213 | 1 Eng | 1 Knowage | 2024-11-21 | 6.1 Medium |
| Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter. | ||||
| CVE-2021-30212 | 1 Eng | 1 Knowage | 2024-11-21 | 5.4 Medium |
| Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter. | ||||
| CVE-2021-30211 | 1 Eng | 1 Knowage | 2024-11-21 | 5.4 Medium |
| Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter. | ||||
| CVE-2021-30174 | 1 Ruiyanai | 1 Cloudiso | 2024-11-21 | 5.4 Medium |
| When a RiyaLab CloudISO event item is added, special characters in a specific field of the time management page are not properly filtered, which allows remote authenticated attackers to inject malicious JavaScript and carry out stored XSS (stored cross-site scripting) attacks. | ||||
| CVE-2021-30172 | 1 Junhetec | 1 Omnidirectional Communication System | 2024-11-21 | 4.6 Medium |
| Special characters in users' input on the picture preview page of the Quan-Fang-Wei-Tong-Xun system are not filtered, which allows remote authenticated attackers to inject malicious JavaScript and carry out reflected XSS (cross-site scripting) attacks, and additionally to access and manipulate customers' information. | ||||
| CVE-2021-30171 | 1 Junhetec | 1 Enterprise Resource Planning Point Of Sale System | 2024-11-21 | 4.6 Medium |
| Special characters in users' input on the ERP POS news page are not filtered, which allows remote authenticated attackers to inject malicious JavaScript and carry out stored XSS (stored cross-site scripting) attacks, and additionally to access and manipulate customers' information. | ||||
| CVE-2021-30170 | 1 Junhetec | 1 Enterprise Resource Planning Point Of Sale System | 2024-11-21 | 4.6 Medium |
| Special characters in users' input on the ERP POS customer profile page are not filtered, which allows remote authenticated attackers to inject malicious JavaScript and carry out stored XSS (stored cross-site scripting) attacks, and additionally to access and manipulate customers' information. | ||||
| CVE-2021-30157 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS. | ||||
| CVE-2021-30154 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 6.1 Medium |
| An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS. | ||||
| CVE-2021-30151 | 3 Contribsys, Debian, Redhat | 3 Sidekiq, Debian Linux, Satellite | 2024-11-21 | 6.1 Medium |
| Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. | ||||
| CVE-2021-30150 | 1 Ocproducts | 1 Composr | 2024-11-21 | 6.1 Medium |
| Composr 10.0.36 allows XSS in an XML script. | ||||
| CVE-2021-30146 | 1 Seafile | 1 Seafile | 2024-11-21 | 5.4 Medium |
| Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality." | ||||
| CVE-2021-30140 | 1 Liquidfiles | 1 Liquidfiles | 2024-11-21 | 5.4 Medium |
| LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5. | ||||
| CVE-2021-30133 | 1 Cloverdx | 1 Cloverdx | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10. | ||||