Total
21765 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-27679 | 1 Batflat | 1 Batflat | 2021-03-12 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting (XSS) vulnerability in Navigation in Batflat CMS 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the field name. | |||||
| CVE-2020-23721 | 1 Thedaylightstudio | 1 Fuel Cms | 2021-03-12 | 3.5 LOW | 5.4 MEDIUM |
| An issue was discovered in FUEL CMS V1.4.7. An attacker can use a XSS payload and bypass a filter via /fuelCM/fuel/pages/edit/1?lang=english. | |||||
| CVE-2021-27907 | 1 Apache | 1 Superset | 2021-03-12 | 3.5 LOW | 5.4 MEDIUM |
| Apache Superset up to and including 0.38.0 allowed the creation of a Markdown component on a Dashboard page for describing chart's related information. Abusing this functionality, a malicious user could inject javascript code executing unwanted action in the context of the user's browser. The javascript code will be automatically executed (Stored XSS) when a legitimate user surfs on the dashboard page. The vulnerability is exploitable creating a “div” section and embedding in it a “svg” element with javascript code. | |||||
| CVE-2020-29029 | 1 Secomea | 1 Gatemanager Firmware | 2021-03-12 | 4.3 MEDIUM | 6.1 MEDIUM |
| Improper Input Validation, Cross-site Scripting (XSS) vulnerability in Web GUI of Secomea GateManager allows an attacker to execute arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4. | |||||
| CVE-2021-3224 | 1 Cszcms | 1 Csz Cms | 2021-03-11 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting (XSS) vulnerability in cszcms 1.2.9 exists in /admin/pages/new via the content parameter. | |||||
| CVE-2020-35594 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2021-03-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| Zoho ManageEngine ADManager Plus before 7066 allows XSS. | |||||
| CVE-2020-27576 | 1 Maxum | 1 Rumpus | 2021-03-11 | 3.5 LOW | 5.4 MEDIUM |
| Maxum Rumpus 8.2.13 and 8.2.14 is affected by cross-site scripting (XSS). Users are able to create folders in the web application. The folder name is insufficiently validated resulting in a stored cross-site scripting vulnerability. | |||||
| CVE-2021-27222 | 1 Obss | 1 Time In Status | 2021-03-11 | 3.5 LOW | 5.4 MEDIUM |
| In the "Time in Status" app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS. | |||||
| CVE-2017-17780 | 1 Mediaburst | 8 Booking Calendar Sms, Clockwork Sms Notfications, Contact Form 7 Sms and 5 more | 2021-03-11 | 4.3 MEDIUM | 6.1 MEDIUM |
| The Clockwork SMS clockwork-test-message.php component has XSS via a crafted "to" parameter in a clockwork-test-message request to wp-admin/admin.php. This component code is found in the following WordPress plugins: Clockwork Free and Paid SMS Notifications 2.0.3, Two-Factor Authentication - Clockwork SMS 1.0.2, Booking Calendar - Clockwork SMS 1.0.5, Contact Form 7 - Clockwork SMS 2.3.0, Fast Secure Contact Form - Clockwork SMS 2.1.2, Formidable - Clockwork SMS 1.0.2, Gravity Forms - Clockwork SMS 2.2, and WP e-Commerce - Clockwork SMS 2.0.5. | |||||
| CVE-2021-26967 | 1 Arubanetworks | 1 Airwave | 2021-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the AirWave management interface. | |||||
| CVE-2021-26968 | 1 Arubanetworks | 1 Airwave | 2021-03-10 | 3.5 LOW | 4.8 MEDIUM |
| A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. | |||||
| CVE-2020-29028 | 1 Secomea | 1 Gatemanager Firmware | 2021-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) vulnerability in web GUI of Secomea GateManager allows an attacker to inject arbitrary javascript code. This issue affects: Secomea GateManager all versions prior to 9.4. | |||||
| CVE-2021-28006 | 1 Web Based Quiz System Project | 1 Web Based Quiz System | 2021-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter. | |||||
| CVE-2021-22183 | 1 Gitlab | 1 Gitlab | 2021-03-10 | 3.5 LOW | 5.4 MEDIUM |
| An issue has been discovered in GitLab affecting all versions starting with 11.8. GitLab was vulnerable to a stored XSS in the epics page, which could be exploited with user interactions. | |||||
| CVE-2020-4975 | 1 Ibm | 9 Doors Next, Engineering Lifecycle Management, Engineering Requirements Quality Assistant On-premises and 6 more | 2021-03-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 192435. | |||||
| CVE-2021-21312 | 1 Glpi-project | 1 Glpi | 2021-03-10 | 3.5 LOW | 4.8 MEDIUM |
| GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is a vulnerability within the document upload function (Home > Management > Documents > Add, or /front/document.form.php endpoint), indeed one of the form field: "Web Link" is not properly sanitized and a malicious user (who has document upload rights) can use it to deliver JavaScript payload. For example if you use the following payload: " accesskey="x" onclick="alert(1)" x=", the content will be saved within the database without any control. And then once you return to the summary documents page, by clicking on the "Web Link" of the newly created file it will create a new empty tab, but on the initial tab the pop-up "1" will appear. | |||||
| CVE-2020-1936 | 1 Apache | 1 Ambari | 2021-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A cross-site scripting issue was found in Apache Ambari Views. This was addressed in Apache Ambari 2.7.4. | |||||
| CVE-2021-27940 | 1 Openark | 1 Orchestrator | 2021-03-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| resources/public/js/orchestrator.js in openark orchestrator before 3.2.4 allows XSS via the orchestrator-msg parameter. | |||||
| CVE-2021-21314 | 1 Glpi-project | 1 Glpi | 2021-03-09 | 3.5 LOW | 4.8 MEDIUM |
| GLPI is open source software which stands for Gestionnaire Libre de Parc Informatique and it is a Free Asset and IT Management Software package. In GLPI before verison 9.5.4, there is an XSS vulnerability involving a logged in user while updating a ticket. | |||||
| CVE-2021-23347 | 1 Linuxfoundation | 1 Argo Continuous Delivery | 2021-03-09 | 3.5 LOW | 4.8 MEDIUM |
| The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user. | |||||