Total
42056 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-30146 | 1 Seafile | 1 Seafile | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Seafile 7.0.5 (2019) allows Persistent XSS via the "share of library functionality." | |||||
| CVE-2021-30140 | 1 Liquidfiles | 1 Liquidfiles | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| LiquidFiles 3.4.15 has stored XSS through the "send email" functionality when sending a file via email to an administrator. When a file has no extension and contains malicious HTML / JavaScript content (such as SVG with HTML content), the payload is executed upon a click. This is fixed in 3.5. | |||||
| CVE-2021-30133 | 1 Cloverdx | 1 Cloverdx | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in CloverDX Server 5.9.0, CloverDX 5.8.1, CloverDX 5.7.0, and earlier allows remote attackers to inject arbitrary web script or HTML via the sessionToken parameter of multiple methods in Simple HTTP API. This is resolved in 5.9.1 and 5.10. | |||||
| CVE-2021-30125 | 1 Jamf | 1 Jamf | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Jamf Pro before 10.28.0 allows XSS related to inventory history, aka PI-009376. | |||||
| CVE-2021-30119 | 1 Kaseya | 1 Vsa | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request: `https://x.x.x.x/HelpDeskTab/rcResults.asp?result=<script>alert(document.cookie)</script>` The same is true for the parameter FileName of /done.asp Eaxmple request: `https://x.x.x.x/done.asp?FileName=";</script><script>alert(1);a="&PathData=&originalName=shell.aspx&FileSize=4388&TimeElapsed=00:00:00.078` | |||||
| CVE-2021-30113 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attacker website. | |||||
| CVE-2021-30111 | 1 Web-school | 1 Enterprise Resource Planning | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed. | |||||
| CVE-2021-30109 | 1 Froala | 1 Froala Editor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module. | |||||
| CVE-2021-30086 | 1 Kindsoft | 1 Kindeditor | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information. | |||||
| CVE-2021-30083 | 1 Webfairy | 1 Mediat | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML without authentication via the 'return' parameter in login.php. | |||||
| CVE-2021-30082 | 1 Gris Cms Project | 1 Gris Cms | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via admin/dashboard. | |||||
| CVE-2021-30074 | 1 Docsifyjs | 1 Docsify | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character. | |||||
| CVE-2021-30071 | 1 Hestiacp | 1 Control Panel | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | |||||
| CVE-2021-30058 | 1 Eng | 1 Knowage | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| Knowage Suite before 7.4 is vulnerable to cross-site scripting (XSS). An attacker can inject arbitrary external script in '/knowagecockpitengine/api/1.0/pages/execute' via the 'SBI_HOST' parameter. | |||||
| CVE-2021-30056 | 1 Eng | 1 Knowage | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Knowage Suite before 7.4 is vulnerable to reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in /restful-services/publish via the 'EXEC_FROM' parameter that can lead to data leakage. | |||||
| CVE-2021-30049 | 1 Sysaid | 1 Sysaid | 2024-11-21 | 4.3 MEDIUM | 6.1 MEDIUM |
| SysAid 20.3.64 b14 is affected by Cross Site Scripting (XSS) via a /KeepAlive.jsp?stamp= URI. | |||||
| CVE-2021-30044 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in Remote Clinic v2.0 via the First Name or Last Name field on staff/register.php. | |||||
| CVE-2021-30042 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Clinic Name", "Clinic Address", "Clinic City", or "Clinic Contact" field on clinics/register.php | |||||
| CVE-2021-30039 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in Remote Clinic v2.0 via the "Fever" or "Blood Pressure" field on the patients/register-report.php. | |||||
| CVE-2021-30034 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) in Remote Clinic v2.0 via the Symptons field on patients/register-report.php. | |||||