Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-12082 | 1 Flexera | 1 Flexnet Code Insight | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64). | |||||
| CVE-2021-23027 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-29809 | 1 Ibm | 1 Tivoli Netcool\/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204270. | |||||
| CVE-2021-29808 | 1 Ibm | 1 Tivoli Netcool\/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204269. | |||||
| CVE-2021-29807 | 1 Ibm | 1 Tivoli Netcool\/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204265. | |||||
| CVE-2021-29806 | 1 Ibm | 1 Tivoli Netcool\/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204264. | |||||
| CVE-2020-23659 | 1 Webport | 1 Web Port | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the "connections" feature. | |||||
| CVE-2021-20746 | 1 Wordpress Popular Posts Project | 1 Wordpress Popular Posts | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-29820 | 1 Ibm | 1 Tivoli Netcool\/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204347. | |||||
| CVE-2021-29818 | 1 Ibm | 1 Tivoli Netcool\/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204345. | |||||
| CVE-2021-29819 | 1 Ibm | 1 Tivoli Netcool\/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204346. | |||||
| CVE-2021-29817 | 1 Ibm | 1 Tivoli Netcool\/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204343. | |||||
| CVE-2021-29821 | 1 Ibm | 1 Tivoli Netcool\/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204348. | |||||
| CVE-2021-28901 | 1 Sitasoftware | 1 Azurcms | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the (1) NOM_CLI , (2) ADRESSE , (3) ADRESSE2, (4) LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the (5) nom_liste parameter to /eshop/products/json/addCustomerFavorite. | |||||
| CVE-2021-40238 | 1 Webuzo | 1 Webuzo | 2021-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scriptiong (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the "Error Log" page. An attacker can leverage this to achieve Unauthenticated Remote Code Execution via the "Cron Jobs" functionality of Webuzo. | |||||
| CVE-2021-33691 | 1 Sap | 1 Netweaver Development Infrastructure | 2021-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability.SAP NetWeaver Development Infrastructure Notification Service allows a threat actor to send crafted scripts to a victim. If the victim has an active session when the crafted script gets executed, the threat actor could compromise information in victims session, and gain access to some sensitive information also. | |||||
| CVE-2021-3811 | 1 Pi-hole | 1 Web Interface | 2021-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-33694 | 1 Sap | 1 Cloud Connector | 2021-09-28 | 3.5 LOW | 4.8 MEDIUM |
| SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting. | |||||
| CVE-2021-33696 | 1 Sap | 1 Businessobjects Business Intelligence | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify displayed content from a Web site. | |||||
| CVE-2021-24525 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design (like [su_button]'s onclick attribute). | |||||