Total: 21765 CVEs
CVE | Vendors (count, names) | Products (count, names) | Updated | CVSS v2 | CVSS v3 | Description
---|---|---|---|---|---|---
CVE-2020-4865 | 1 Ibm | 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more | 2021-01-29 | 3.5 LOW | 5.4 MEDIUM | IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 190741.
CVE-2021-20357 | 1 Ibm | 11 Collaborative Lifecycle Management, Engineering Insights, Engineering Lifecycle Management and 8 more | 2021-01-29 | 3.5 LOW | 5.4 MEDIUM | IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.
CVE-2021-3298 | 1 O-dyn | 1 Collabtive | 2021-01-29 | 3.5 LOW | 5.4 MEDIUM | Collabtive 3.1 allows XSS when an authenticated user enters an XSS payload into the address section of the profile edit page, aka the manageuser.php?action=edit address1 parameter.
CVE-2020-36012 | 1 Bdtask | 1 Multi-store | 2021-01-29 | 3.5 LOW | 4.8 MEDIUM | Stored XSS vulnerability in BDTASK Multi-Store Inventory Management System 1.0 allows a local admin to inject arbitrary code via the Customer Name field.
CVE-2020-4820 | 1 Ibm | 1 Cloud Pak For Security | 2021-01-29 | 4.3 MEDIUM | 6.1 MEDIUM | IBM Cloud Pak for Security (CP4S) 1.4.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session.
CVE-2019-25015 | 1 Openwrt | 1 Openwrt | 2021-01-29 | 3.5 LOW | 5.4 MEDIUM | LuCI in OpenWrt 18.06.0 through 18.06.4 allows stored XSS via a crafted SSID.
CVE-2021-21260 | 1 Bigprof | 1 Online Invoicing System | 2021-01-29 | 3.5 LOW | 5.4 MEDIUM | Online Invoicing System (OIS) is open source software which is a lean invoicing system for small businesses, consultants and freelancers created using AppGini. In OIS version 4.0 there is a stored XSS which enables an attacker to take over the admin account through a payload that extracts a CSRF token and sends a request to change the password. It has been found that the Item description is reflected without sanitization in app/items_view.php, which enables the malicious scenario.
CVE-2021-22875 | 1 Revive-adserver | 1 Revive Adserver | 2021-01-28 | 4.3 MEDIUM | 6.1 MEDIUM | Revive Adserver before 5.1.1 is vulnerable to reflected XSS in stats.php via the `setPerPage` parameter.
CVE-2021-22874 | 1 Revive-adserver | 1 Revive Adserver | 2021-01-28 | 4.3 MEDIUM | 6.1 MEDIUM | Revive Adserver before 5.1.1 is vulnerable to reflected XSS in userlog-index.php via the `period_preset` parameter.
CVE-2021-22849 | 1 Hyweb | 1 Hycms-j1 | 2021-01-28 | 3.5 LOW | 5.4 MEDIUM | The Hyweb HyCMS-J1 backend editing function does not filter special characters. Users, after logging in, can inject JavaScript syntax to perform a stored XSS (stored cross-site scripting) attack.
CVE-2020-6470 | 4 Debian, Fedoraproject, Google and 1 more | 5 Debian Linux, Fedora, Chrome and 2 more | 2021-01-28 | 4.3 MEDIUM | 6.1 MEDIUM | Insufficient validation of untrusted input in clipboard in Google Chrome prior to 83.0.4103.61 allowed a local attacker to inject arbitrary scripts or HTML (UXSS) via crafted clipboard contents.
CVE-2020-13932 | 1 Apache | 1 Activemq Artemis | 2021-01-28 | 4.3 MEDIUM | 6.1 MEDIUM | In Apache ActiveMQ Artemis 2.5.0 to 2.13.0, a specially crafted MQTT packet which has an XSS payload as client-id or topic name can exploit this vulnerability. The XSS payload is injected into the admin console's browser. The XSS payload is triggered in the diagram plugin, queue node and the info section.
CVE-2020-26934 | 4 Debian, Fedoraproject, Opensuse and 1 more | 5 Debian Linux, Fedora, Backports Sle and 2 more | 2021-01-28 | 4.3 MEDIUM | 6.1 MEDIUM | phpMyAdmin before 4.9.6 and 5.x before 5.0.3 allows XSS through the transformation feature via a crafted link.
CVE-2020-12512 | 1 Pepperl-fuchs | 24 Io-link Master 4-eip, Io-link Master 4-eip Firmware, Io-link Master 4-pnio and 21 more | 2021-01-27 | 3.5 LOW | 5.4 MEDIUM | Pepperl+Fuchs Comtrol IO-Link Master in version 1.5.48 and below is prone to an authenticated reflected POST cross-site scripting.
CVE-2021-1271 | 1 Cisco | 1 Web Security Virtual Appliance | 2021-01-27 | 3.5 LOW | 4.8 MEDIUM | A vulnerability in the web-based management interface of Cisco AsyncOS for Cisco Web Security Appliance (WSA) could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface of an affected device. The vulnerability exists because the web-based management interface does not properly validate user-supplied input. An attacker could exploit this vulnerability by inserting malicious data into a specific data field in an affected interface. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface.
CVE-2020-35129 | 1 Mautic | 1 Mautic | 2021-01-27 | 6.0 MEDIUM | 9.0 CRITICAL | Mautic before 3.2.4 is affected by stored XSS. An attacker with access to Social Monitoring, an application feature, could attack other users, including administrators. For example, an attacker could load an externally drafted JavaScript file that would allow them to eventually perform actions on the target user's behalf, including changing the user's password or email address or changing the attacker's user role from a low-privileged user to an administrator account.
CVE-2021-1250 | 1 Cisco | 1 Data Center Network Manager | 2021-01-27 | 3.5 LOW | 5.4 MEDIUM | Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2021-1253 | 1 Cisco | 1 Data Center Network Manager | 2021-01-27 | 3.5 LOW | 5.4 MEDIUM | Multiple vulnerabilities in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow a remote attacker with network-operator privileges to conduct a cross-site scripting (XSS) attack or a reflected file download (RFD) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory.
CVE-2020-35272 | 1 Employee Performance Evaluation System Project | 1 Employee Performance Evaluation System | 2021-01-27 | 3.5 LOW | 4.8 MEDIUM | Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Admin Portal in the Task and Description fields.
CVE-2020-35271 | 1 Employee Performance Evaluation System Project | 1 Employee Performance Evaluation System | 2021-01-27 | 3.5 LOW | 4.8 MEDIUM | Employee Performance Evaluation System in PHP/MySQLi with Source Code 1.0 is affected by cross-site scripting (XSS) in the Employees, First Name and Last Name fields.