Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-43141 | 1 Simple Subscription Website Project | 1 Simple Subscription Website | 2021-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Simple Subscription Website 1.0 via the id parameter in plan_application. | |||||
| CVE-2021-33492 | 1 Open-xchange | 1 Ox App Suite | 2021-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite 7.10.5 allows XSS via an OX Chat room name. | |||||
| CVE-2020-22719 | 1 Shimo | 1 Document | 2021-11-23 | 3.5 LOW | 5.4 MEDIUM |
| Shimo Document v2.0.1 contains a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the table content text field. | |||||
| CVE-2021-33850 | 1 Microsoft | 1 Clarity | 2021-11-23 | 3.5 LOW | 5.4 MEDIUM |
| There is a Cross-Site Scripting vulnerability in Microsoft Clarity version 0.3. The XSS payload executes whenever the user changes the clarity configuration in Microsoft Clarity version 0.3. The payload is stored on the configuring project Id page. | |||||
| CVE-2021-3950 | 1 Django-helpdesk Project | 1 Django-helpdesk | 2021-11-23 | 3.5 LOW | 5.4 MEDIUM |
| django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-3961 | 1 Snipeitapp | 1 Snipe-it | 2021-11-23 | 3.5 LOW | 5.4 MEDIUM |
| snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-3920 | 1 Getgrav | 1 Grav-plugin-admin | 2021-11-23 | 3.5 LOW | 5.4 MEDIUM |
| grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-43549 | 1 Osisoft | 1 Pi Web Api | 2021-11-23 | 3.5 LOW | 4.8 MEDIUM |
| A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker or be provided with false information. | |||||
| CVE-2021-38375 | 1 Open-xchange | 1 Ox App Suite | 2021-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite through 7.10.5 allows XSS via the alt attribute of an IMG element in a truncated e-mail message. | |||||
| CVE-2021-33495 | 1 Open-xchange | 1 Ox App Suite | 2021-11-23 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite 7.10.5 allows XSS via an OX Chat system message. | |||||
| CVE-2021-38681 | 1 Qnap | 2 Nas, Ragic Cloud Db | 2021-11-23 | 4.3 MEDIUM | 5.4 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Ragic Cloud DB. If exploited, this vulnerability allows remote attackers to inject malicious code. QNAP have already disabled and removed Ragic Cloud DB from the QNAP App Center, pending a security patch from Ragic. | |||||
| CVE-2021-40131 | 1 Cisco | 1 Common Services Platform Collector | 2021-11-22 | 3.5 LOW | 5.4 MEDIUM |
| A vulnerability in the web-based management interface of Cisco Common Services Platform Collector (CSPC) could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input that is processed by the web-based management interface. An attacker could exploit this vulnerability by adding malicious code to the configuration by using the web-based management interface. A successful exploit could allow the attacker to execute arbitrary code in the context of the interface or access sensitive, browser-based information. | |||||
| CVE-2021-33490 | 1 Open-xchange | 1 Ox App Suite | 2021-11-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite through 7.10.5 allows XSS via a crafted snippet in a shared mail signature. | |||||
| CVE-2021-33489 | 1 Open-xchange | 1 Ox App Suite | 2021-11-22 | 4.3 MEDIUM | 6.1 MEDIUM |
| OX App Suite through 7.10.5 allows XSS via JavaScript code in a shared XCF file. | |||||
| CVE-2021-42363 | 1 Preview E-mails For Woocommerce Project | 1 Preview E-mails For Woocommerce | 2021-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Preview E-Mails for WooCommerce WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the search_order parameter found in the ~/views/form.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 1.6.8. | |||||
| CVE-2021-42360 | 1 Brainstormforce | 1 Starter Templates | 2021-11-19 | 3.5 LOW | 5.4 MEDIUM |
| On sites that also had the Elementor plugin for WordPress installed, it was possible for users with the edit_posts capability, which includes Contributor-level users, to import blocks onto any page using the astra-page-elementor-batch-process AJAX action. An attacker could craft and host a block containing malicious JavaScript on a server they controlled, and then use it to overwrite any post or page by sending an AJAX request with the action set to astra-page-elementor-batch-process and the url parameter pointed to their remotely-hosted malicious block, as well as an id parameter containing the post or page to overwrite. Any post or page that had been built with Elementor, including published pages, could be overwritten by the imported block, and the malicious JavaScript in the imported block would then be executed in the browser of any visitors to that page. | |||||
| CVE-2021-43047 | 1 Tibco | 1 Partnerexpress | 2021-11-19 | 8.5 HIGH | 9.0 CRITICAL |
| The Interior Server and Gateway Server components of TIBCO Software Inc.'s TIBCO PartnerExpress contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO PartnerExpress: versions 6.2.1 and below. | |||||
| CVE-2021-24796 | 1 My Tickets Project | 1 My Tickets | 2021-11-19 | 4.3 MEDIUM | 6.1 MEDIUM |
| The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins | |||||
| CVE-2021-24598 | 1 Wpshopmart | 1 Testimonial Builder | 2021-11-19 | 3.5 LOW | 4.8 MEDIUM |
| The Testimonial WordPress plugin before 1.6.0 does not escape some testimonial fields which could allow high privilege users to perform Cross Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-24834 | 1 Yop-poll | 1 Yop Poll | 2021-11-18 | 4.3 MEDIUM | 5.4 MEDIUM |
| The YOP Poll WordPress plugin before 6.3.1 is affected by a stored Cross-Site Scripting vulnerability which exists in the Create Poll - Options module where a user with a role as low as author is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of custom label parameters - vote button label , results link label and back to vote caption label. | |||||