Total
38124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-32641 | 1 Auth0 | 1 Lock | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| auth0-lock is Auth0's signin solution. Versions of nauth0-lock before and including `11.30.0` are vulnerable to reflected XSS. An attacker can execute arbitrary code when the library's `flashMessage` feature is utilized and user input or data from URL parameters is incorporated into the `flashMessage` or the library's `languageDictionary` feature is utilized and user input or data from URL parameters is incorporated into the `languageDictionary`. The vulnerability is patched in version 11.30.1. | |||||
| CVE-2021-32616 | 1 1cdn Project | 1 1cdn | 2024-11-21 | 4.3 MEDIUM | 8.1 HIGH |
| 1CDN is open-source file sharing software. In 1CDN before commit f88a2730fa50fc2c2aeab09011f6f142fd90ec25, there is a basic cross-site scripting vulnerability that allows an attacker to inject /<script>//code</script> and execute JavaScript code on the client side. | |||||
| CVE-2021-32609 | 1 Apache | 1 Superset | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page. | |||||
| CVE-2021-32604 | 1 Solarwinds | 1 Serv-u | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Share/IncomingWizard.htm in SolarWinds Serv-U before 15.2.3 mishandles the user-supplied SenderEmail parameter, aka "Share URL XSS." | |||||
| CVE-2021-32602 | 1 Fortinet | 1 Fortiportal | 2024-11-21 | 4.3 MEDIUM | 5.8 MEDIUM |
| An improper neutralization of input during web page generation vulnerability (CWE-79) in FortiPortal GUI 6.0.4 and below, 5.3.6 and below, 5.2.6 and below, 5.1.2 and below, 5.0.3 and below, 4.2.2 and below, 4.1.2 and below, 4.0.4 and below may allow a remote and unauthenticated attacker to perform an XSS attack via sending a crafted request with an invalid lang parameter or with an invalid org.springframework.web.servlet.i18n.CookieLocaleResolver.LOCALE value. | |||||
| CVE-2021-32597 | 1 Fortinet | 2 Fortianalyzer, Fortimanager | 2024-11-21 | 3.5 LOW | 4.6 MEDIUM |
| Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters. | |||||
| CVE-2021-32585 | 1 Fortinet | 1 Fortiwan | 2024-11-21 | 4.3 MEDIUM | 7.2 HIGH |
| An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiWAN before 4.5.9 may allow an attacker to perform a stored cross-site scripting attack via specifically crafted HTTP requests. | |||||
| CVE-2021-32573 | 1 Express-cart Project | 1 Express-cart | 2024-11-21 | 3.5 LOW | 4.8 MEDIUM |
| The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website. | |||||
| CVE-2021-32569 | 1 Ericsson | 2 Operations Support System-radio And Core, Operations Support System-radio And Core Firmware | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| In OSS-RC systems of the release 18B and older customer documentation browsing libraries under ALEX are subject to Cross-Site Scripting. This problem is completely resolved in new Ericsson library browsing tool ELEX used in systems like Ericsson Network Manager. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. Ericsson Network Manager is a new generation OSS system which OSS-RC customers shall upgrade to | |||||
| CVE-2021-32561 | 1 Octoprint | 1 Octoprint | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| OctoPrint before 1.6.0 allows XSS because API error messages include the values of input parameters. | |||||
| CVE-2021-32544 | 1 Igt\+ Project | 1 Igt\+ | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Special characters of IGT search function in igt+ are not filtered in specific fields, which allow remote authenticated attackers can inject malicious JavaScript and carry out DOM-based XSS (Cross-site scripting) attacks. | |||||
| CVE-2021-32542 | 1 Sysjust | 1 Cts Web | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| The parameters of the specific functions in the CTS Web trading system do not filter special characters, which allows unauthenticated attackers can remotely perform reflected XSS and obtain the users’ connection token that triggered the attack. | |||||
| CVE-2021-32540 | 1 Hundredplus | 1 101eip | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Add announcement function in the 101EIP system does not filter special characters, which allows authenticated users to inject JavaScript and perform a stored XSS attack. | |||||
| CVE-2021-32539 | 1 Hundredplus | 1 101eip | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Add event in calendar function in the 101EIP system does not filter special characters in specific fields, which allows remote authenticated users to inject JavaScript and perform a stored XSS attack. | |||||
| CVE-2021-32536 | 1 Mcusystem | 1 Mcusystem | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The login page in the MCUsystem does not filter with special characters, which allows remote attackers can inject JavaScript without privilege and thus perform reflected XSS attacks. | |||||
| CVE-2021-32482 | 1 Cloudera | 1 Cloudera Manager | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cloudera Manager 5.x, 6.x, 7.1.x, 7.2.x, and 7.3.x allows XSS via the path parameter. | |||||
| CVE-2021-32481 | 1 Cloudera | 1 Hue | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cloudera Hue 4.6.0 allows XSS via the type parameter. | |||||
| CVE-2021-32478 | 1 Moodle | 1 Moodle | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The redirect URI in the LTI authorization endpoint required extra sanitizing to prevent reflected XSS and open redirect risks. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8 and earlier unsupported versions are affected. | |||||
| CVE-2021-32475 | 1 Moodle | 1 Moodle | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected. | |||||
| CVE-2021-32470 | 1 Craftcms | 1 Craft Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Craft CMS before 3.6.13 has an XSS vulnerability. | |||||