Total: 41414 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-30125 | 1 Jamf | 1 Jamf | 2024-11-21 | 6.1 Medium |
| Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376. | ||||
| CVE-2021-30119 | 1 Kaseya | 1 Vsa | 2024-11-21 | 5.4 Medium |
| Authenticated reflective XSS in HelpDeskTab/rcResults.asp. The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack. Example request: `https://x.x.x.x/HelpDeskTab/rcResults.asp?result=<script>alert(document.cookie)</script>` The same is true for the parameter FileName of /done.asp. Example request: `https://x.x.x.x/done.asp?FileName=";</script><script>alert(1);a="&PathData=&originalName=shell.aspx&FileSize=4388&TimeElapsed=00:00:00.078` | ||||
| CVE-2021-30113 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 6.1 Medium |
| A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the event, the payload will be executed and send the victim's information to the attacker's website. | ||||
| CVE-2021-30111 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 5.4 Medium |
| A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attacker can inject JavaScript code that will be stored in the page. If any visitor sees the events, the payload will be executed. | ||||
| CVE-2021-30109 | 1 Froala | 1 Froala Editor | 2024-11-21 | 6.1 Medium |
| Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module. | ||||
| CVE-2021-30086 | 1 Kindsoft | 1 Kindeditor | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information. | ||||
| CVE-2021-30083 | 1 Webfairy | 1 Mediat | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML without authentication via the 'return' parameter in login.php. | ||||
| CVE-2021-30082 | 1 Gris Cms Project | 1 Gris Cms | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via admin/dashboard. | ||||
| CVE-2021-30074 | 1 Docsifyjs | 1 Docsify | 2024-11-21 | 6.1 Medium |
| docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character. | ||||
| CVE-2021-30071 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2021-30058 | 1 Eng | 1 Knowage | 2024-11-21 | 6.1 Medium |
| Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter. | ||||
| CVE-2021-30056 | 1 Eng | 1 Knowage | 2024-11-21 | 5.4 Medium |
| Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage. | ||||
| CVE-2021-30049 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 6.1 Medium |
| SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI. | ||||
| CVE-2021-30044 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php. | ||||
| CVE-2021-30042 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php | ||||
| CVE-2021-30039 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-report.php. | ||||
| CVE-2021-30034 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php. | ||||
| CVE-2021-30030 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Full Name field on register-patient.php. | ||||
| CVE-2021-30003 | 1 Nokia | 2 G-120w-f, G-120w-f Firmware | 2024-11-21 | 4.8 Medium |
| An issue was discovered on Nokia G-120W-F 3FE46606AGAB91 devices. There is Stored XSS in the administrative interface via urlfilter.cgi?add url_address. | ||||
| CVE-2021-29996 | 1 Marktext | 1 Marktext | 2024-11-21 | 9.6 Critical |
| Mark Text through 0.16.3 allows attackers to execute arbitrary commands. This could lead to Remote Code Execution (RCE) by opening .md files containing a mutation Cross Site Scripting (XSS) payload. | ||||