Total
38117 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-26549 | 1 Smartfoxserver | 1 Smartfoxserver | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site. | |||||
| CVE-2021-26544 | 1 Apache | 1 Livy | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Livy server version 0.7.0-incubating (only) is vulnerable to a cross site scripting issue in the session name. A malicious user could use this flaw to access logs and results of other users' sessions and run jobs with their privileges. This issue is fixed in Livy 0.7.1-incubating. | |||||
| CVE-2021-26475 | 1 Eprints | 1 Eprints | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI. | |||||
| CVE-2021-26304 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter. | |||||
| CVE-2021-26303 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field. | |||||
| CVE-2021-26263 | 1 Odoo | 1 Odoo | 2024-11-21 | N/A | 6.1 MEDIUM |
| Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents. | |||||
| CVE-2021-26256 | 1 Ays-pro | 1 Survey Maker | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Survey Maker WordPress plugin (versions <= 2.0.6). | |||||
| CVE-2021-26247 | 1 Cacti | 1 Cacti | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter. | |||||
| CVE-2021-26230 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to save_user.php. | |||||
| CVE-2021-26227 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the student information parameters to edit_stud.php. | |||||
| CVE-2021-26224 | 1 Fantastic Blog Project | 1 Fantastic Blog | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 allows remote attackers to inject arbitrary web script or HTML via the search field to search.php. | |||||
| CVE-2021-26123 | 1 Livinglogic | 1 Xist4c | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wihtm, or login-form.htm. | |||||
| CVE-2021-26122 | 1 Livinglogic | 1 Xist4c | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedback.wihtm. | |||||
| CVE-2021-26092 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.3 MEDIUM | 4.7 MEDIUM |
| Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters. | |||||
| CVE-2021-26083 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2021-26082 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability. | |||||
| CVE-2021-26080 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | |||||
| CVE-2021-26079 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | |||||
| CVE-2021-26078 | 1 Atlassian | 3 Data Center, Jira, Jira Server | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | |||||
| CVE-2021-26039 | 1 Joomla | 1 Joomla\! | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Joomla! 3.0.0 through 3.9.27. Inadequate escaping in the imagelist view of com_media leads to a XSS vulnerability. | |||||