Total
41277 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-23673 | 1 Pekeupload Project | 1 Pekeupload | 2024-11-21 | 5.4 Medium |
| This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed. | ||||
| CVE-2021-23648 | 3 Fedoraproject, Paypal, Redhat | 4 Fedora, Braintree\/sanitize-url, Enterprise Linux and 1 more | 2024-11-21 | 5.4 Medium |
| The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function. | ||||
| CVE-2021-23445 | 2 Datatables, Redhat | 2 Datatables.net, Jboss Enterprise Application Platform | 2024-11-21 | 3.1 Low |
| This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped. | ||||
| CVE-2021-23439 | 1 Johndatserakis | 1 File-upload-with-preview | 2024-11-21 | 4.2 Medium |
| This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file). | ||||
| CVE-2021-23416 | 1 Curly-bracket-parser Project | 1 Curly-bracket-parser | 2024-11-21 | 5.4 Medium |
| This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input. | ||||
| CVE-2021-23414 | 2 Fedoraproject, Videojs | 2 Fedora, Video.js | 2024-11-21 | 6.5 Medium |
| This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code. | ||||
| CVE-2021-23411 | 1 Anchorme Project | 1 Anchorme | 2024-11-21 | 5.4 Medium |
| Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output (an anchor a tag) containing undesirable Javascript code that can be executed upon user interaction. | ||||
| CVE-2021-23398 | 1 React-bootstrap-table Project | 1 React-bootstrap-table | 2024-11-21 | 6.1 Medium |
| All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output. | ||||
| CVE-2021-23347 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 4.7 Medium |
| The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user. | ||||
| CVE-2021-23342 | 1 Docsifyjs | 1 Docsify | 2024-11-21 | 8.6 High |
| This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more “////” characters | ||||
| CVE-2021-23327 | 1 Fusioncharts | 1 Apexcharts | 2024-11-21 | 6.3 Medium |
| The package apexcharts before 3.24.0 are vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields. | ||||
| CVE-2021-23288 | 1 Eaton | 1 Intelligent Power Protector | 2024-11-21 | 5.6 Medium |
| The vulnerability exists due to insufficient validation of input from certain resources by the IPP software. The attacker would need access to the local Subnet and an administrator interaction to compromise the system. This issue affects: Intelligent Power Protector versions prior to 1.69. | ||||
| CVE-2021-23287 | 1 Eaton | 1 Intelligent Power Manager | 2024-11-21 | 5.6 Medium |
| The vulnerability exists due to insufficient validation of input of certain resources within the IPM software. This issue affects: Intelligent Power Manager (IPM 1) versions prior to 1.70. | ||||
| CVE-2021-23285 | 1 Eaton | 1 Intelligent Power Manager | 2024-11-21 | 3.1 Low |
| Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to reflected Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions. | ||||
| CVE-2021-23284 | 1 Eaton | 1 Intelligent Power Manager Infrastructure | 2024-11-21 | 5.7 Medium |
| Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) version 1.5.0plus205 and all prior versions are vulnerable to Stored Cross-site Scripting vulnerability. This issue affects: Eaton Intelligent Power Manager Infrastructure (IPM Infrastructure) all version 1.5.0plus205 and prior versions. | ||||
| CVE-2021-23283 | 1 Eaton | 1 Intelligent Power Protector | 2024-11-21 | 5.2 Medium |
| Eaton Intelligent Power Protector (IPP) prior to version 1.69 is vulnerable to stored Cross Site Scripting. The vulnerability exists due to insufficient validation of user input and improper encoding of the output for certain resources within the IPP software. | ||||
| CVE-2021-23273 | 1 Tibco | 4 Analytics Platform, Spotfire Analyst, Spotfire Desktop and 1 more | 2024-11-21 | 8 High |
| The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a stored Cross Site Scripting (XSS) attack on the affected system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Spotfire Analyst: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, TIBCO Spotfire Analytics Platform for AWS Marketplace: versions 11.1.0 and below, TIBCO Spotfire Desktop: versions 10.3.3 and below, versions 10.10.0, 10.10.1, and 10.10.2, versions 10.7.0, 10.8.0, 10.9.0, 11.0.0, and 11.1.0, and TIBCO Spotfire Server: versions 10.3.11 and below, versions 10.10.0, 10.10.1, 10.10.2, and 10.10.3, versions 10.7.0, 10.8.0, 10.8.1, 10.9.0, 11.0.0, and 11.1.0. | ||||
| CVE-2021-23272 | 1 Tibco | 2 Bpm Enterprise, Bpm Enterprise Distribution For Silver Fabric | 2024-11-21 | 4.6 Medium |
| The Application Development Clients component of TIBCO Software Inc.'s TIBCO BPM Enterprise and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO BPM Enterprise: versions 4.3.0 and below and TIBCO BPM Enterprise Distribution for TIBCO Silver Fabric: versions 4.3.0 and below. | ||||
| CVE-2021-23271 | 1 Tibco | 1 Ebx | 2024-11-21 | 8 High |
| The TIBCO EBX Web Server component of TIBCO Software Inc.'s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.'s TIBCO EBX: versions 5.9.12 and below. | ||||
| CVE-2021-23260 | 1 Craftercms | 1 Crafter Cms | 2024-11-21 | 6.5 Medium |
| Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site. | ||||