Total: 41413 CVE

| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27676 | 1 Centreon | 1 Centreon | 2024-11-21 | 5.4 Medium |
| Centreon version 20.10.2 is affected by a cross-site scripting (XSS) vulnerability. The dep_description (Dependency Description) and dep_name (Dependency Name) parameters are vulnerable to stored XSS. A user has to log in and go to the Configuration > Notifications > Hosts page. | ||||
| CVE-2021-27673 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component. | ||||
| CVE-2021-27671 | 1 Comrak Project | 1 Comrak | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the comrak crate before 0.9.1 for Rust. XSS can occur because the protection mechanism for data: and javascript: URIs is case-sensitive, allowing (for example) Data: to be used in an attack. | ||||
| CVE-2021-27659 | 1 Johnsoncontrols | 1 Exacqvision Web Service | 2024-11-21 | 5.3 Medium |
| exacqVision Web Service 21.03 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users. | ||||
| CVE-2021-27658 | 1 Johnsoncontrols | 1 Exacqvision Enterprise Manager | 2024-11-21 | 4.3 Medium |
| exacqVision Enterprise Manager 20.12 does not sufficiently validate, filter, escape, and/or encode user-controllable input before it is placed in output that is used as a web page that is served to other users. | ||||
| CVE-2021-27615 | 1 Sap | 1 Manufacturing Execution | 2024-11-21 | 5.4 Medium |
| SAP Manufacturing Execution versions - 15.1, 1.5.2, 15.3, 15.4, does not contain some HTTP security headers in their HTTP response. The lack of these headers in response can be exploited by the attacker to execute Cross-Site Scripting (XSS) attacks. | ||||
| CVE-2021-27601 | 1 Sap | 1 Netweaver Application Server Java | 2024-11-21 | 5.4 Medium |
| SAP NetWeaver AS Java (Applications based on HTMLB for Java) allows a basic-level authorized attacker to store a malicious file on the server. When a victim tries to open this file, it results in a Cross-Site Scripting (XSS) vulnerability and the attacker can read and modify data. However, the attacker does not have control over kind or degree. | ||||
| CVE-2021-27600 | 1 Sap | 1 Manufacturing Execution | 2024-11-21 | 5.4 Medium |
| SAP Manufacturing Execution (System Rules), versions - 15.1, 15.2, 15.3, 15.4, allows an authorized attacker to embed malicious code into HTTP parameter and send it to the server because SAP Manufacturing Execution (System Rules) tab does not sufficiently encode some parameters, resulting in Stored Cross-Site Scripting (XSS) vulnerability. The malicious code can be used for different purposes. e.g., information can be read, modified, and sent to the attacker. However, availability of the server cannot be impacted. | ||||
| CVE-2021-27578 | 1 Apache | 1 Zeppelin | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting vulnerability in markdown interpreter of Apache Zeppelin allows an attacker to inject malicious scripts. This issue affects Apache Zeppelin versions prior to 0.9.0. | ||||
| CVE-2021-27564 | 1 Appspace | 1 Appspace | 2024-11-21 | 5.4 Medium |
| A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes. | ||||
| CVE-2021-27559 | 1 Monicahq | 1 Monica | 2024-11-21 | 5.4 Medium |
| The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field. | ||||
| CVE-2021-27558 | 1 Easycorp | 1 Zentao | 2024-11-21 | 6.1 Medium |
| A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator. | ||||
| CVE-2021-27544 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter. | ||||
| CVE-2021-27531 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter. | ||||
| CVE-2021-27530 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows a remote attacker to inject JavaScript via URI in /index.php. | ||||
| CVE-2021-27529 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter. | ||||
| CVE-2021-27528 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter. | ||||
| CVE-2021-27527 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter. | ||||
| CVE-2021-27526 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter. | ||||
| CVE-2021-27524 | 1 Margox | 1 Braft-editor | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature. | ||||