Total
41273 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-21628 | 1 Jenkins | 1 Build With Parameters | 2024-11-21 | 5.4 Medium |
| Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | ||||
| CVE-2021-21622 | 1 Jenkins | 1 Artifact Repository Parameter | 2024-11-21 | 5.4 Medium |
| Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | ||||
| CVE-2021-21619 | 1 Jenkins | 1 Claim | 2024-11-21 | 5.4 Medium |
| Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins. | ||||
| CVE-2021-21618 | 1 Jenkins | 1 Repository Connector | 2024-11-21 | 5.4 Medium |
| Jenkins Repository Connector Plugin 2.0.2 and earlier does not escape parameter names and descriptions for past builds, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Item/Configure permission. | ||||
| CVE-2021-21616 | 1 Jenkins | 1 Active Choices | 2024-11-21 | 4.6 Medium |
| Jenkins Active Choices Plugin 2.5.2 and earlier does not escape reference parameter values, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission. | ||||
| CVE-2021-21613 | 1 Jenkins | 1 Tics | 2024-11-21 | 6.1 Medium |
| Jenkins TICS Plugin 2020.3.0.6 and earlier does not escape TICS service responses, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers able to control TICS service response content. | ||||
| CVE-2021-21611 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape display names and IDs of item types shown on the New Item page, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to specify display names or IDs of item types. | ||||
| CVE-2021-21610 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 6.1 Medium |
| Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not implement any restrictions for the URL rendering a formatted preview of markup passed as a query parameter, resulting in a reflected cross-site scripting (XSS) vulnerability if the configured markup formatter does not prohibit unsafe elements (JavaScript) in markup. | ||||
| CVE-2021-21608 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape button labels in the Jenkins UI, resulting in a cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to control button labels. | ||||
| CVE-2021-21603 | 2 Jenkins, Redhat | 2 Jenkins, Openshift | 2024-11-21 | 5.4 Medium |
| Jenkins 2.274 and earlier, LTS 2.263.1 and earlier does not escape notification bar response contents, resulting in a cross-site scripting (XSS) vulnerability. | ||||
| CVE-2021-21581 | 1 Dell | 1 Emc Idrac9 Firmware | 2024-11-21 | 6.5 Medium |
| Dell EMC iDRAC9 versions prior to 5.00.00.00 contain a cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link. | ||||
| CVE-2021-21577 | 1 Dell | 1 Emc Idrac9 Firmware | 2024-11-21 | 6.1 Medium |
| Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link. | ||||
| CVE-2021-21576 | 1 Dell | 1 Emc Idrac9 Firmware | 2024-11-21 | 6.1 Medium |
| Dell EMC iDRAC9 versions prior to 4.40.40.00 contain a DOM-based cross-site scripting vulnerability. A remote attacker could potentially exploit this vulnerability to run malicious HTML or JavaScript in a victim’s browser by tricking a victim in to following a specially crafted link. | ||||
| CVE-2021-21543 | 1 Dell | 1 Idrac9 Firmware | 2024-11-21 | 4.8 Medium |
| Dell EMC iDRAC9 versions prior to 4.40.00.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected parameters. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | ||||
| CVE-2021-21542 | 1 Dell | 1 Idrac9 Firmware | 2024-11-21 | 4.8 Medium |
| Dell EMC iDRAC9 versions prior to 4.40.10.00 contain multiple stored cross-site scripting vulnerabilities. A remote authenticated malicious user with high privileges could potentially exploit these vulnerabilities to store malicious HTML or JavaScript code through multiple affected while generating a certificate. When victim users access the submitted data through their browsers, the malicious code gets executed by the web browser in the context of the vulnerable application. | ||||
| CVE-2021-21541 | 1 Dell | 1 Idrac9 Firmware | 2024-11-21 | 6.1 Medium |
| Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user to supply malicious HTML or JavaScript code to DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application. | ||||
| CVE-2021-21515 | 1 Dell | 1 Emc Sourceone | 2024-11-21 | 9 Critical |
| Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. A remote low privileged attacker may potentially exploit this vulnerability, to hijack user sessions or to trick a victim application user to unknowingly send arbitrary requests to the server. | ||||
| CVE-2021-21490 | 1 Sap | 1 Netweaver Application Server Abap | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver AS for ABAP (Web Survey), versions - 700, 702, 710, 711, 730, 731, 750, 750, 752, 75A, 75F, does not sufficiently encode input and output parameters which results in reflected cross site scripting vulnerability, through which a malicious user can access data relating to the current session and use it to impersonate a user and access all information with the same rights as the target user. | ||||
| CVE-2021-21489 | 1 Sap | 1 Netweaver Enterprise Portal | 2024-11-21 | 4.8 Medium |
| SAP NetWeaver Enterprise Portal versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently encode user related data, resulting in Stored Cross-Site Scripting (XSS) vulnerability. This would allow an attacker with administrative privileges to store a malicious script on the portal. The execution of the script content by a victim registered on the portal could compromise the confidentiality and integrity of portal content. | ||||
| CVE-2021-21447 | 1 Sap | 1 Businessobjects Business Intelligence | 2024-11-21 | 5.4 Medium |
| SAP BusinessObjects Business Intelligence platform, versions 410, 420, allows an authenticated attacker to inject malicious JavaScript payload into the custom value input field of an Input Control, which can be executed by User who views the relevant application content, which leads to Stored Cross-Site Scripting. | ||||