Total: 21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 | Description |
|---|---|---|---|---|---|---|
| CVE-2021-39178 | 1 Vercel | 1 Next.js | 2021-09-08 | 4.3 MEDIUM | 6.1 MEDIUM | Next.js is a React framework. Versions of Next.js between 10.0.0 and 11.0.0 contain a cross-site scripting vulnerability. In order for an instance to be affected by the vulnerability, the `next.config.js` file must have the `images.domains` array assigned and the image host assigned in `images.domains` must allow user-provided SVG. If the `next.config.js` file has `images.loader` assigned to something other than default, or the instance is deployed on Vercel, the instance is not affected by the vulnerability. The vulnerability is patched in Next.js version 11.1.1. |
| CVE-2021-39169 | 1 Misskey | 1 Misskey | 2021-09-08 | 3.5 LOW | 5.4 MEDIUM | Misskey is a decentralized microblogging platform. In versions of Misskey prior to 12.51.0, malicious actors can use the web client's built-in dialog to display a malicious string, leading to cross-site scripting (XSS). XSS could compromise the API request token. This issue has been fixed in version 12.51.0. There are no known workarounds aside from upgrading. |
| CVE-2020-13639 | 1 Outsystems | 3 Lifetime Management Console, Outsystems, Platform Server | 2021-09-08 | 4.3 MEDIUM | 6.1 MEDIUM | A stored XSS vulnerability was discovered in the ECT Provider in OutSystems before 2020-09-04, affecting generated applications. It could allow an unauthenticated remote attacker to craft and store malicious Feedback content into /ECT_Provider/, such that when the content is viewed (it can only be viewed by Administrators), attacker-controlled JavaScript will execute in the security context of an administrator's browser. This is fixed in OutSystems 10.0.1005.2, OutSystems 11.9.0 Platform Server, and OutSystems 11.7.0 LifeTime Management Console. |
| CVE-2021-40492 | 1 Gibbonedu | 1 Gibbon | 2021-09-07 | 4.3 MEDIUM | 6.1 MEDIUM | A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (via the gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents parameters to index.php). |
| CVE-2021-39322 | 1 Cybernetikz | 1 Easy Social Icons | 2021-09-07 | 4.3 MEDIUM | 6.1 MEDIUM | The Easy Social Icons plugin <= 3.0.8 for WordPress echoes out the raw value of `$_SERVER['PHP_SELF']` in its main file. On certain configurations, including Apache+modPHP, this makes it possible to perform a reflected cross-site scripting attack by injecting malicious code in the request path. |
| CVE-2020-20344 | 1 Wtcms Project | 1 Wtcms | 2021-09-07 | 3.5 LOW | 5.4 MEDIUM | WTCMS 1.0 contains a reflected cross-site scripting (XSS) vulnerability in the keyword search function under the background articles module. |
| CVE-2020-20345 | 1 Wtcms Project | 1 Wtcms | 2021-09-07 | 3.5 LOW | 5.4 MEDIUM | WTCMS 1.0 contains a reflected cross-site scripting (XSS) vulnerability in the page management background which allows attackers to obtain cookies via a crafted payload entered into the search box. |
| CVE-2020-20347 | 1 Wtcms Project | 1 Wtcms | 2021-09-07 | 3.5 LOW | 5.4 MEDIUM | WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the source field under the article management module. |
| CVE-2020-20348 | 1 Wtcms Project | 1 Wtcms | 2021-09-07 | 3.5 LOW | 5.4 MEDIUM | WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link field under the background menu management module. |
| CVE-2020-20349 | 1 Wtcms Project | 1 Wtcms | 2021-09-07 | 3.5 LOW | 5.4 MEDIUM | WTCMS 1.0 contains a stored cross-site scripting (XSS) vulnerability in the link address field under the background links module. |
| CVE-2020-19049 | 1 Mybb | 1 Mybb | 2021-09-07 | 3.5 LOW | 5.4 MEDIUM | Cross-site scripting (XSS) in MyBB v1.8.20 allows remote attackers to inject arbitrary web script or HTML via the "Description" field found in the "Add New Forum" page by making an authenticated POST HTTP request to '/Upload/admin/index.php?module=forum-management&action=add'. |
| CVE-2020-19046 | 1 S-cms | 1 S-cms | 2021-09-07 | 3.5 LOW | 5.4 MEDIUM | Cross-site scripting (XSS) in S-CMS v1.0 allows remote attackers to execute arbitrary code via the component '/admin/tpl.php?page='. |
| CVE-2021-37715 | 1 Arubanetworks | 1 Airwave | 2021-09-07 | 3.5 LOW | 4.8 MEDIUM | A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform versions prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability. |
| CVE-2020-14161 | 1 Thecodingmachine | 1 Gotenberg | 2021-09-07 | 4.3 MEDIUM | 6.1 MEDIUM | It is possible to inject HTML and/or JavaScript into the HTML-to-PDF conversion in Gotenberg through 6.2.1 via the /convert/html endpoint. |
| CVE-2020-18065 | 1 Popojicms | 1 Popojicms | 2021-09-07 | 3.5 LOW | 5.4 MEDIUM | A cross-site scripting (XSS) vulnerability exists in PopojiCMS 2.0.1 in admin.php?mod=menumanager--------- edit menu. |
| CVE-2021-27912 | 1 Acquia | 1 Mautic | 2021-09-03 | 3.5 LOW | 5.4 MEDIUM | Mautic versions before 3.3.4/4.0.0 are vulnerable to an inline JS XSS attack when viewing Mautic assets, by utilizing inline JS in the title and adding a broken image URL as a remote asset. This can only be leveraged by an authenticated user with permission to create or edit assets. |
| CVE-2021-24667 | 1 Simplygallery | 1 Simply Gallery Blocks With Lightbox | 2021-09-03 | 3.5 LOW | 5.4 MEDIUM | A stored cross-site scripting vulnerability has been discovered in Simply Gallery Blocks with Lightbox (version 2.2.0 and below). The vulnerability exists in the Lightbox functionality, where a user with low privileges is allowed to execute arbitrary script code within the context of the application. This vulnerability is due to insufficient validation of image parameters in metadata. |
| CVE-2021-3628 | 1 Openkm | 1 Openkm | 2021-09-03 | 3.5 LOW | 5.4 MEDIUM | OpenKM Community Edition in its 6.3.10 version is vulnerable to authenticated cross-site scripting (XSS). A remote attacker could exploit this vulnerability by injecting arbitrary code via the uuid parameter. |
| CVE-2021-22021 | 1 Vmware | 2 Cloud Foundation, Vrealize Log Insight | 2021-09-02 | 3.5 LOW | 5.4 MEDIUM | VMware vRealize Log Insight (8.x prior to 8.4) contains a cross-site scripting (XSS) vulnerability due to improper user input validation. An attacker with user privileges may be able to inject a malicious payload via the Log Insight UI, which would be executed when the victim accesses the shared dashboard link. |
| CVE-2021-37416 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2021-09-02 | 4.3 MEDIUM | 6.1 MEDIUM | Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page. |