Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22241 | 1 Gitlab | 1 Gitlab | 2021-08-12 | 3.5 LOW | 5.4 MEDIUM |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name. | |||||
| CVE-2021-36654 | 1 Cmsuno Project | 1 Cmsuno | 2021-08-11 | 3.5 LOW | 5.4 MEDIUM |
| CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme. | |||||
| CVE-2021-33339 | 1 Liferay | 2 Dxp, Liferay Portal | 2021-08-11 | 3.5 LOW | 4.8 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Fragment module in Liferay Portal 7.2.1 through 7.3.4, and Liferay DXP 7.2 before fix pack 9 allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_site_admin_web_portlet_SiteAdminPortlet_name parameter. | |||||
| CVE-2021-33336 | 1 Liferay | 2 Dxp, Liferay Portal | 2021-08-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Journal module's add article menu in Liferay Portal 7.3.0 through 7.3.3, and Liferay DXP 7.1 fix pack 18, and 7.2 fix pack 5 through 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_journal_web_portlet_JournalPortlet_name parameter. | |||||
| CVE-2020-22392 | 1 Intelliants | 1 Subrion Cms | 2021-08-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in Subrion CMS 4.2.2 when adding a blog and then editing an image file. | |||||
| CVE-2020-22732 | 1 Cmsmadesimple | 1 Cms Made Simple | 2021-08-11 | 3.5 LOW | 4.8 MEDIUM |
| CMS Made Simple (CMSMS) 2.2.14 allows stored XSS via the Extensions > Fie Picker.. | |||||
| CVE-2021-3539 | 1 Espocrm | 1 Espocrm | 2021-08-11 | 3.5 LOW | 5.4 MEDIUM |
| EspoCRM 6.1.6 and prior suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 6.1.7 of the product. | |||||
| CVE-2021-38113 | 1 Openwebif Project | 1 Openwebif | 2021-08-11 | 3.5 LOW | 5.4 MEDIUM |
| In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS. | |||||
| CVE-2021-24014 | 1 Fortinet | 1 Fortisandbox | 2021-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters. | |||||
| CVE-2021-33332 | 1 Liferay | 2 Dxp, Liferay Portal | 2021-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Portlet Configuration module in Liferay Portal 7.1.0 through 7.3.2, and Liferay DXP 7.1 before fix pack 19, and 7.2 before fix pack 7, allows remote attackers to inject arbitrary web script or HTML via the _com_liferay_portlet_configuration_css_web_portlet_PortletConfigurationCSSPortlet_portletResource parameter. | |||||
| CVE-2021-37833 | 1 Digitaldruid | 1 Hoteldruid | 2021-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands. | |||||
| CVE-2021-36703 | 1 Htmly | 1 Htmly | 2021-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website name. | |||||
| CVE-2021-36702 | 1 Htmly | 1 Htmly | 2021-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through special content. | |||||
| CVE-2021-32019 | 1 Openwrt | 1 Openwrt | 2021-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| There is missing input validation of host names displayed in OpenWrt before 19.07.8. The Connection Status page of the luci web-interface allows XSS, which can be used to gain full control over the affected system via ICMP. | |||||
| CVE-2021-34635 | 1 Ays-pro | 1 Poll Maker | 2021-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Poll Maker WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the mcount parameter found in the ~/admin/partials/settings/poll-maker-settings.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 3.2.8. | |||||
| CVE-2021-33326 | 1 Liferay | 2 Dxp, Liferay Portal | 2021-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Frontend JS module in Liferay Portal 7.3.4 and earlier, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20 and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the title of a modal window. | |||||
| CVE-2021-33328 | 1 Liferay | 2 Dxp, Liferay Portal | 2021-08-11 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in the Asset module's edit vocabulary page in Liferay Portal 7.0.0 through 7.3.4, and Liferay DXP 7.0 before fix pack 96, 7.1 before fix pack 20, and 7.2 before fix pack 9, allows remote attackers to inject arbitrary web script or HTML via the (1) _com_liferay_journal_web_portlet_JournalPortlet_name or (2) _com_liferay_document_library_web_portlet_DLAdminPortlet_name parameter. | |||||
| CVE-2021-36803 | 1 Akaunting | 1 Akaunting | 2021-08-11 | 3.5 LOW | 5.4 MEDIUM |
| Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of the product. | |||||
| CVE-2021-36805 | 1 Akaunting | 1 Akaunting | 2021-08-11 | 3.5 LOW | 4.8 MEDIUM |
| Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales invoice processing component of the application. This issue was fixed in version 2.1.13 of the product. | |||||
| CVE-2021-29979 | 1 Mozilla | 1 Hubs Cloud | 2021-08-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Hubs Cloud allows users to download shared content, specifically HTML and JS, which could allow javascript execution in the Hub Cloud instance’s primary hosting domain.*. This vulnerability affects Hubs Cloud < mozillareality/reticulum/1.0.1/20210618012634. | |||||