Total
38124 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30157 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On ChangesList special pages such as Special:RecentChanges and Special:Watchlist, some of the rcfilters-filter-* label messages are output in HTML unescaped, leading to XSS. | |||||
| CVE-2021-30154 | 3 Debian, Fedoraproject, Mediawiki | 3 Debian Linux, Fedora, Mediawiki | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. On Special:NewFiles, all the mediastatistics-header-* messages are output in HTML unescaped, leading to XSS. | |||||
| CVE-2021-30151 | 2 Contribsys, Debian | 2 Sidekiq, Debian Linux | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Sidekiq through 5.1.3 and 6.x through 6.2.0 allows XSS via the queue name of the live-poll feature when Internet Explorer is used. | |||||
| CVE-2021-30150 | 1 Ocproducts | 1 Composr | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Composr 10.0.36 allows XSS in an XML script. | |||||
| CVE-2021-30146 | 1 Seafile | 1 Seafile | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality." | |||||
| CVE-2021-30140 | 1 Liquidfiles | 1 Liquidfiles | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5. | |||||
| CVE-2021-30133 | 1 Cloverdx | 1 Cloverdx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10. | |||||
| CVE-2021-30125 | 1 Jamf | 1 Jamf | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376. | |||||
| CVE-2021-30119 | 1 Kaseya | 1 Vsa | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request: `https://x.x.x.x/HelpDeskTab/rcResults.asp?result=<script>alert(document.cookie)</script>` The same is true for the parameter FileName of /done.asp Eaxmple request: `https://x.x.x.x/done.asp?FileName=";</script><script>alert(1);a="&PathData=&originalName=shell.aspx&FileSize=4388&TimeElapsed=00:00:00.078` | |||||
| CVE-2021-30113 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attacker website. | |||||
| CVE-2021-30111 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed. | |||||
| CVE-2021-30109 | 1 Froala | 1 Froala Editor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module. | |||||
| CVE-2021-30086 | 1 Kindsoft | 1 Kindeditor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information. | |||||
| CVE-2021-30083 | 1 Webfairy | 1 Mediat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML without authentication via the 'return' parameter in login.php. | |||||
| CVE-2021-30082 | 1 Gris Cms Project | 1 Gris Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via admin/dashboard. | |||||
| CVE-2021-30074 | 1 Docsifyjs | 1 Docsify | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character. | |||||
| CVE-2021-30071 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2021-30058 | 1 Eng | 1 Knowage | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter. | |||||
| CVE-2021-30056 | 1 Eng | 1 Knowage | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage. | |||||
| CVE-2021-30049 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI. | |||||