Total
41414 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-29459 | 1 Xwiki | 1 Xwiki | 2024-11-21 | 9.6 Critical |
| XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistred users can fill simple text fields. Registered users can fill in their personal information and (if they have edit rights) fill the values of static lists using App Within Minutes. There is no easy workaround except upgrading XWiki. The vulnerability has been patched on XWiki 12.8 and 12.6.3. | ||||
| CVE-2021-29448 | 1 Pi-hole | 3 Ftldns, Pi-hole, Web Interface | 2024-11-21 | 7.6 High |
| Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. The Stored XSS exists in the Pi-hole Admin portal, which can be exploited by the malicious actor with the network access to DNS server. See the referenced GitHub security advisory for patch details. | ||||
| CVE-2021-29438 | 1 Nextcloud\/dialogs Project | 1 Nextcloud\/dialogs | 2024-11-21 | 4.6 Medium |
| The Nextcloud dialogs library (npm package @nextcloud/dialogs) before 3.1.2 insufficiently escaped text input passed to a toast. If your application displays toasts with user-supplied input, this could lead to a XSS vulnerability. The vulnerability has been patched in version 3.1.2 If you need to display HTML in the toast, explicitly pass the `options.isHTML` config flag. | ||||
| CVE-2021-29434 | 1 Torchbox | 1 Wagtail | 2024-11-21 | 6.1 Medium |
| Wagtail is a Django content management system. In affected versions of Wagtail, when saving the contents of a rich text field in the admin interface, Wagtail does not apply server-side checks to ensure that link URLs use a valid protocol. A malicious user with access to the admin interface could thus craft a POST request to publish content with `javascript:` URLs containing arbitrary code. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. See referenced GitHub advisory for additional details, including a workaround. Patched versions have been released as Wagtail 2.11.7 (for the LTS 2.11 branch) and Wagtail 2.12.4 (for the current 2.12 branch). | ||||
| CVE-2021-29399 | 2 Php, Xmbforum2 | 2 Php, Xmb | 2024-11-21 | 6.1 Medium |
| XMB is vulnerable to cross-site scripting (XSS) due to inadequate filtering of BBCode input. This bug affects all versions of XMB. All XMB installations must be updated to versions 1.9.12.03 or 1.9.11.16. | ||||
| CVE-2021-29388 | 1 Budget Management System Project | 1 Budget Management System | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability in SourceCodester Budget Management System 1.0 allows users to inject and store arbitrary JavaScript code in index.php via vulnerable field 'Budget Title'. | ||||
| CVE-2021-29387 | 1 Equipment Inventory System Project | 1 Equipment Inventory System | 2024-11-21 | 5.4 Medium |
| Multiple stored cross-site scripting (XSS) vulnerabilities in Sourcecodester Equipment Inventory System 1.0 allow remote attackers to inject arbitrary javascript via any "Add" sections, such as Add Item , Employee and Position or others in the Name Parameters. | ||||
| CVE-2021-29370 | 1 Cheetah Browser Project | 1 Cheetah Browser | 2024-11-21 | 6.1 Medium |
| A UXSS was discovered in the Thanos-Soft Cheetah Browser in Android 1.2.0 due to the inadequate filter of the intent scheme. This resulted in Cross-site scripting on the cheetah browser in any website. | ||||
| CVE-2021-29313 | 1 Seacms | 1 Seacms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in SeaCMS 12.6 via the (1) v_company and (2) v_tvs parameters in /admin_video.php, | ||||
| CVE-2021-29274 | 1 Redmine | 1 Redmine | 2024-11-21 | 6.1 Medium |
| Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip. | ||||
| CVE-2021-29272 | 1 Microco | 1 Bluemonday | 2024-11-21 | 6.1 Medium |
| bluemonday before 1.0.5 allows XSS because certain Go lowercasing converts an uppercase Cyrillic character, defeating a protection mechanism against the "script" string. | ||||
| CVE-2021-29271 | 1 Remark42 | 1 Remark42 | 2024-11-21 | 6.1 Medium |
| remark42 before 1.6.1 allows XSS, as demonstrated by "Locator: Locator{URL:" followed by an XSS payload. This is related to backend/app/store/comment.go and backend/app/store/service/service.go. | ||||
| CVE-2021-29267 | 1 Sherlockim | 1 Sherlockim | 2024-11-21 | 6.1 Medium |
| Sherlock SherlockIM through 2021-03-29 allows Cross Site Scripting (XSS) by leveraging the api/Files/Attachment URI to attack help-desk staff via the chatbot feature. | ||||
| CVE-2021-29252 | 1 Rsa | 1 Archer | 2024-11-21 | 5.4 Medium |
| RSA Archer before 6.9 SP1 P1 (6.9.1.1) contains a stored XSS vulnerability. A remote authenticated malicious Archer user with access to modify link name fields could potentially exploit this vulnerability to execute code in a victim's browser. | ||||
| CVE-2021-29250 | 1 Btcpayserver | 1 Btcpay Server | 2024-11-21 | 5.4 Medium |
| BTCPay Server through 1.0.7.0 suffers from a Stored Cross Site Scripting (XSS) vulnerability within the POS Add Products functionality. This enables cookie stealing. | ||||
| CVE-2021-29243 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 6.1 Medium |
| Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS. | ||||
| CVE-2021-29216 | 1 Hpe | 1 Oneview Global Dashboard | 2024-11-21 | 6.1 Medium |
| A remote cross-site scripting vulnerability was discovered in HPE OneView Global Dashboard version(s): Prior to 2.5. HPE has provided a software update to resolve this vulnerability in HPE OneView Global Dashboard. | ||||
| CVE-2021-29211 | 1 Hp | 29 Integrated Lights-out 4, Integrated Lights-out 5, Proliant Bl460c Gen10 Server Blade and 26 more | 2024-11-21 | 4.8 Medium |
| A remote xss vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78. | ||||
| CVE-2021-29210 | 1 Hp | 29 Integrated Lights-out 4, Integrated Lights-out 5, Proliant Bl460c Gen10 Server Blade and 26 more | 2024-11-21 | 4.8 Medium |
| A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78. | ||||
| CVE-2021-29209 | 1 Hp | 29 Integrated Lights-out 4, Integrated Lights-out 5, Proliant Bl460c Gen10 Server Blade and 26 more | 2024-11-21 | 4.8 Medium |
| A remote dom xss, crlf injection vulnerability was discovered in HPE Integrated Lights-Out 4 (iLO 4); HPE SimpliVity 380 Gen9; HPE Integrated Lights-Out 5 (iLO 5) for HPE Gen10 Servers; HPE SimpliVity 380 Gen10; HPE SimpliVity 2600; HPE SimpliVity 380 Gen10 G; HPE SimpliVity 325; HPE SimpliVity 380 Gen10 H version(s): Prior to version 2.78. | ||||