Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-3824 | 1 Openvpn | 1 Openvpn Access Server | 2021-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL. | |||||
| CVE-2021-38870 | 1 Ibm | 1 Aspera On Cloud | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208343. | |||||
| CVE-2021-41391 | 1 Ericsson | 1 Enterprise Content Management | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover. | |||||
| CVE-2021-36872 | 1 Wordpress Popular Posts Project | 1 Wordpress Popular Posts | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type]. | |||||
| CVE-2021-20829 | 1 Weseek | 1 Growi | 2021-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page. | |||||
| CVE-2021-20484 | 1 Ibm | 1 Sterling File Gateway | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197666. | |||||
| CVE-2021-29800 | 1 Ibm | 2 Jazz For Service Management, Tivoli Netcool\/omnibus Webgui | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2021-39404 | 1 Maianaffiliate | 1 Maianaffiliate | 2021-09-29 | 3.5 LOW | 4.8 MEDIUM |
| MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database. | |||||
| CVE-2020-19553 | 1 Wuzhicms | 1 Wuzhicms | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vlnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. | |||||
| CVE-2021-20524 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 3.5 LOW | 4.8 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661. | |||||
| CVE-2020-19554 | 1 Manageengine | 1 Opmanager | 2021-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. | |||||
| CVE-2021-41086 | 1 Jsuites | 1 Jsuites | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting (XSS) attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying _anything_ from a malicious and pasting it into the html editor. This is because a part of the clipboard content is directly written to `innerHTML` allowing for javascript injection and thus XSS. Users are advised to update to version 4.9.11 to resolve. | |||||
| CVE-2021-24530 | 1 Alojapro | 1 Alojapro Widget | 2021-09-29 | 3.5 LOW | 4.8 MEDIUM |
| The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-24582 | 1 Thinktwit Project | 1 Thinktwit | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it its settings page, leading to a Stored Cross-Site Scripting issue. | |||||
| CVE-2021-34650 | 1 Eideasy | 1 Eid Easy | 2021-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6. | |||||
| CVE-2021-39325 | 1 Optinmonster | 1 Optinmonster | 2021-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0. | |||||
| CVE-2020-19915 | 1 Wuzhicms | 1 Wuzhicms | 2021-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. | |||||
| CVE-2021-24587 | 1 Zeesweb | 1 Splash Header | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue. | |||||
| CVE-2021-36873 | 1 Webence | 1 Iq Block Country | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage. | |||||
| CVE-2020-23481 | 1 Cmsmadesimple | 1 Cms Made Simple | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field. | |||||