Total: 21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2020-20125 | 1 Earclink | 1 Espcms-p8 | 2021-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
EARCLINK ESPCMS-P8 contains a cross-site scripting (XSS) vulnerability in espcms_web\espcms_load.php. | |||||
CVE-2021-41095 | 1 Discourse | 1 Discourse | 2021-10-06 | 4.3 MEDIUM | 6.1 MEDIUM |
Discourse is an open source discussion platform. There is a cross-site scripting (XSS) vulnerability in versions 2.7.7 and earlier of the `stable` branch, versions 2.8.0.beta6 and earlier of the `beta` branch, and versions 2.8.0.beta6 and earlier of the `tests-passed` branch. Rendering of some error messages that contain user input can be susceptible to XSS attacks. This vulnerability only affects sites which have blocked watched words that contain HTML tags, modified or disabled Discourse's default Content Security Policy. This issue is patched in the latest `stable`, `beta` and `tests-passed` versions of Discourse. As a workaround, avoid modifying or disabling Discourse’s default Content Security Policy, and blocking watched words containing HTML tags. | |||||
CVE-2021-24671 | 1 Mx Time Zone Clocks Project | 1 Mx Time Zone Clocks | 2021-10-05 | 3.5 LOW | 5.4 MEDIUM |
The MX Time Zone Clocks WordPress plugin before 3.4.1 does not escape the time_zone attribute of the mxmtzc_time_zone_clocks shortcode, allowing users with a role as low as Contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2021-26587 | 1 Hpe | 12 Storeonce 3620, Storeonce 3620 Firmware, Storeonce 3640 and 9 more | 2021-10-05 | 6.0 MEDIUM | 6.5 MEDIUM |
A potential DOM-based Cross Site Scripting security vulnerability has been identified in HPE StoreOnce. The vulnerability could be remotely exploited to cause an elevation of privilege leading to partial impact to confidentiality, availability, and integrity. HPE has made the following software update - HPE StoreOnce 4.3.0, to resolve the vulnerability in HPE StoreOnce. | |||||
CVE-2021-37860 | 1 Mattermost | 1 Mattermost | 2021-10-05 | 2.6 LOW | 6.1 MEDIUM |
Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP. | |||||
CVE-2021-24569 | 1 Hu-manity | 1 Cookie Notice & Compliance For Gdpr / Ccpa | 2021-10-04 | 3.5 LOW | 4.8 MEDIUM |
The Cookie Notice & Compliance for GDPR / CCPA WordPress plugin before 2.1.2 does not escape the value of its Button Text setting when outputting it in an attribute in the frontend, allowing high privilege users such as admin to perform Cross-Site Scripting even when the unfiltered_html capability is disallowed. | |||||
CVE-2021-24610 | 1 Cozmoslabs | 1 Translatepress | 2021-10-04 | 3.5 LOW | 4.8 MEDIUM |
The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues. | |||||
CVE-2021-24632 | 1 Wpzoom | 1 Recipe Card Blocks For Gutenberg & Elementor | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.1 does not escape the message parameter before outputting it back in the admin dashboard, leading to a Reflected Cross-Site Scripting issue. | |||||
CVE-2021-24634 | 1 Wpzoom | 1 Recipe Card Blocks For Gutenberg & Elementor | 2021-10-04 | 3.5 LOW | 5.4 MEDIUM |
The Recipe Card Blocks by WPZOOM WordPress plugin before 2.8.3 does not properly sanitise or escape some of the properties of the Recipe Card Block (such as ingredientsLayout, iconSet, steps, ingredients, recipeTitle, or settings), which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2021-24643 | 1 Wp Map Block Project | 1 Wp Map Block | 2021-10-04 | 3.5 LOW | 5.4 MEDIUM |
The WP Map Block WordPress plugin before 1.2.3 does not escape some attributes of the WP Map Block, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. | |||||
CVE-2021-23054 | 1 F5 | 1 Big-ip Access Policy Manager | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
On version 16.x before 16.1.0, 15.1.x before 15.1.4, 14.1.x before 14.1.4.4, and all versions of 13.1.x, 12.1.x, and 11.6.x, a reflected cross-site scripting (XSS) vulnerability exists in the resource information page for authenticated users when a full webtop is configured on the BIG-IP APM system. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
CVE-2021-35204 | 1 Netscout | 1 Ngeniusone | 2021-10-04 | 3.5 LOW | 5.4 MEDIUM |
NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint. | |||||
CVE-2021-35200 | 1 Netscout | 1 Ngeniusone | 2021-10-04 | 3.5 LOW | 4.8 MEDIUM |
NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService. | |||||
CVE-2021-35199 | 1 Netscout | 1 Ngeniusone | 2021-10-04 | 3.5 LOW | 5.4 MEDIUM |
NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile. | |||||
CVE-2021-35198 | 1 Netscout | 1 Ngeniusone | 2021-10-04 | 3.5 LOW | 5.4 MEDIUM |
NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module. | |||||
CVE-2021-40971 | 1 Spotweb Project | 1 Spotweb | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the newpassword1 parameter. | |||||
CVE-2021-40973 | 1 Spotweb Project | 1 Spotweb | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the lastname parameter. | |||||
CVE-2021-40972 | 1 Spotweb Project | 1 Spotweb | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allows remote attackers to inject arbitrary web script or HTML via the mail parameter. | |||||
CVE-2021-41461 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter. | |||||
CVE-2021-41462 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2021-10-04 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID parameter. |