Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-21649 | 1 Jenkins | 1 Dashboard View | 2021-05-14 | 3.5 LOW | 5.4 MEDIUM |
Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission. | |||||
CVE-2021-21648 | 1 Jenkins | 1 Credentials | 2021-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability. | |||||
CVE-2021-29448 | 1 Pi-hole | 3 Ftldns, Pi-hole, Web Interface | 2021-05-14 | 5.8 MEDIUM | 8.8 HIGH |
Pi-hole is a Linux network-level advertisement and Internet tracker blocking application. A stored XSS exists in the Pi-hole Admin portal, which can be exploited by a malicious actor with network access to the DNS server. See the referenced GitHub security advisory for patch details. | |||||
CVE-2021-31904 | 1 Jetbrains | 1 Teamcity | 2021-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
In JetBrains TeamCity before 2020.2.2, XSS was potentially possible on the test history page. | |||||
CVE-2021-31911 | 1 Jetbrains | 1 Teamcity | 2021-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
In JetBrains TeamCity before 2020.2.3, reflected XSS was possible on several pages. | |||||
CVE-2021-32544 | 1 Igt\+ Project | 1 Igt\+ | 2021-05-14 | 3.5 LOW | 5.4 MEDIUM |
Special characters in the IGT search function of igt+ are not filtered in specific fields, which allows remote authenticated attackers to inject malicious JavaScript and carry out DOM-based XSS (cross-site scripting) attacks. | |||||
CVE-2021-1490 | 1 Cisco | 1 Web Security Appliance | 2021-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface of an affected device. This vulnerability is due to improper validation of user-supplied input in the web-based management interface. An attacker could exploit this vulnerability by persuading a user to retrieve a crafted file that contains malicious payload and upload it to the affected device. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or access sensitive, browser-based information. | |||||
CVE-2021-30213 | 1 Eng | 1 Knowage | 2021-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter. | |||||
CVE-2021-30212 | 1 Eng | 1 Knowage | 2021-05-14 | 3.5 LOW | 5.4 MEDIUM |
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter. | |||||
CVE-2021-30211 | 1 Eng | 1 Knowage | 2021-05-14 | 3.5 LOW | 5.4 MEDIUM |
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter. | |||||
CVE-2020-4535 | 1 Ibm | 1 Openpages Grc Platform | 2021-05-14 | 3.5 LOW | 5.4 MEDIUM |
IBM OpenPages GRC Platform 8.1 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 182906. | |||||
CVE-2021-30172 | 1 Junhetec | 1 Omnidirectional Communication System | 2021-05-14 | 3.5 LOW | 5.4 MEDIUM |
Special characters on the picture preview page of the Quan-Fang-Wei-Tong-Xun system are not filtered in users’ input, which allows remote authenticated attackers to inject malicious JavaScript and carry out reflected XSS (cross-site scripting) attacks, and additionally to access and manipulate customer’s information. | |||||
CVE-2016-1180 | 2 Cyber-will, Ec-cube | 2 Social-button Premium, Ec-cube | 2021-05-14 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in the Cyber-Will Social-button Premium plugin before 1.1 for EC-CUBE 2.13.x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2021-1507 | 1 Cisco | 1 Sd-wan Vmanage | 2021-05-14 | 3.5 LOW | 5.4 MEDIUM |
A vulnerability in an API of Cisco SD-WAN vManage Software could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against users of the application web-based interface. This vulnerability exists because the API does not properly validate user-supplied input. An attacker could exploit this vulnerability by sending malicious input to the API. A successful exploit could allow the attacker to execute arbitrary script code in the context of the web-based interface or access sensitive, browser-based information. | |||||
CVE-2020-23370 | 1 Yzmcms | 1 Yzmcms | 2021-05-13 | 3.5 LOW | 5.4 MEDIUM |
In YzmCMS 5.6, stored XSS exists via the common/static/plugin/ueditor/1.4.3.3/php/controller.php action parameter, which allows remote attackers to upload a swf file. The swf file can be injected with arbitrary web script or HTML. | |||||
CVE-2020-23369 | 1 Yzmcms | 1 Yzmcms | 2021-05-13 | 4.3 MEDIUM | 6.1 MEDIUM |
In YzmCMS 5.6, XSS was discovered in member/member_content/init.html via the SRC attribute of an IFRAME element because of using UEditor 1.4.3.3. | |||||
CVE-2020-23371 | 1 5none | 1 Nonecms | 2021-05-13 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting (XSS) vulnerability in static/admin/js/kindeditor/plugins/multiimage/images/swfupload.swf in noneCms v1.3.0 allows remote attackers to inject arbitrary web script or HTML via the movieName parameter. | |||||
CVE-2021-3315 | 1 Jetbrains | 1 Teamcity | 2021-05-13 | 3.5 LOW | 5.4 MEDIUM |
In JetBrains TeamCity before 2020.2.2, stored XSS on a tests page was possible. | |||||
CVE-2021-31908 | 1 Jetbrains | 1 Teamcity | 2021-05-13 | 3.5 LOW | 5.4 MEDIUM |
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages. | |||||
CVE-2021-24250 | 1 Strategy11 | 1 Business Directory Plugin - Easy Listing Directories | 2021-05-13 | 3.5 LOW | 5.4 MEDIUM |
The Business Directory Plugin – Easy Listing Directories WordPress plugin before 5.11.2 suffered from a lack of sanitisation in the label of the Form Fields, leading to Authenticated Stored Cross-Site Scripting issues across various pages of the plugin. |