Total: 20468 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-38870 | 1 Ibm | 1 Aspera On Cloud | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Aspera Cloud is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208343. | |||||
| CVE-2021-36823 | 1 Cusmin | 1 Absolutely Glamorous Custom Admin | 2021-09-29 | 3.5 LOW | 8.2 HIGH |
| Authenticated Stored Cross-Site Scripting (XSS) vulnerability in WordPress Absolutely Glamorous Custom Admin plugin (versions <= 6.8). Stored XSS possible via unsanitized input fields of the plugin settings, some of the payloads could make the frontend and the backend inaccessible. | |||||
| CVE-2021-41391 | 1 Ericsson | 1 Enterprise Content Management | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover. | |||||
| CVE-2021-36872 | 1 Wordpress Popular Posts Project | 1 Wordpress Popular Posts | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress Popular Posts plugin (versions <= 5.3.3). Vulnerable at &widget-wpp[2][post_type]. | |||||
| CVE-2021-20829 | 1 Weseek | 1 Growi | 2021-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability due to the inadequate tag sanitization in GROWI versions v4.2.19 and earlier allows remote attackers to execute an arbitrary script on the web browser of the user who accesses a specially crafted page. | |||||
| CVE-2021-20484 | 1 Ibm | 1 Sterling File Gateway | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197666. | |||||
| CVE-2021-29800 | 1 Ibm | 2 Jazz For Service Management, Tivoli Netcool/omnibus Webgui | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| IBM Tivoli Netcool/OMNIbus_GUI and IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. | |||||
| CVE-2021-39404 | 1 Maianaffiliate | 1 Maianaffiliate | 2021-09-29 | 3.5 LOW | 4.8 MEDIUM |
| MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database. | |||||
| CVE-2020-19553 | 1 Wuzhicms | 1 Wuzhicms | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS up to and including 4.1.0 in the config function in coreframe/app/attachment/libs/class/ckditor.class.php. | |||||
| CVE-2021-20524 | 2 Docker, Ibm | 2 Docker, Security Verify Access | 2021-09-29 | 3.5 LOW | 4.8 MEDIUM |
| IBM Security Verify Access Docker 10.0.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198661. | |||||
| CVE-2020-19554 | 1 Manageengine | 1 Opmanager | 2021-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in ManageEngine OPManager <=12.5.174 when the API key contains an XML-based XSS payload. | |||||
| CVE-2021-41086 | 1 Jsuites | 1 Jsuites | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting (XSS) attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying _anything_ from a malicious and pasting it into the html editor. This is because a part of the clipboard content is directly written to `innerHTML` allowing for javascript injection and thus XSS. Users are advised to update to version 4.9.11 to resolve. | |||||
| CVE-2021-24530 | 1 Alojapro | 1 Alojapro Widget | 2021-09-29 | 3.5 LOW | 4.8 MEDIUM |
| The Alojapro Widget WordPress plugin through 1.1.15 doesn't properly sanitise its Custom CSS settings, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2021-24582 | 1 Thinktwit Project | 1 Thinktwit | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| The ThinkTwit WordPress plugin before 1.7.1 did not sanitise or escape its "Consumer key" setting before outputting it in its settings page, leading to a Stored Cross-Site Scripting issue. | |||||
| CVE-2021-34650 | 1 Eideasy | 1 Eid Easy | 2021-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The eID Easy WordPress plugin is vulnerable to Reflected Cross-Site Scripting via the error parameter found in the ~/admin.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 4.6. | |||||
| CVE-2021-39325 | 1 Optinmonster | 1 Optinmonster | 2021-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| The OptinMonster WordPress plugin is vulnerable to Reflected Cross-Site Scripting due to insufficient input validation in the load_previews function found in the ~/OMAPI/Output.php file which allows attackers to inject arbitrary web scripts, in versions up to and including 2.6.0. | |||||
| CVE-2020-19915 | 1 Wuzhicms | 1 Wuzhicms | 2021-09-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross Site Scripting (XSS) vulnerability exists in WUZHI CMS 4.1.0 via the mailbox username in index.php. | |||||
| CVE-2021-24587 | 1 Zeesweb | 1 Splash Header | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| The Splash Header WordPress plugin before 1.20.8 doesn't sanitise and escape some of its settings while outputting them in the admin dashboard, leading to an authenticated Stored Cross-Site Scripting issue. | |||||
| CVE-2021-36873 | 1 Webence | 1 Iq Block Country | 2021-09-29 | 3.5 LOW | 5.4 MEDIUM |
| Authenticated Persistent Cross-Site Scripting (XSS) vulnerability in WordPress iQ Block Country plugin (versions <= 1.2.11). Vulnerable parameter: &blockcountry_blockmessage. | |||||
| CVE-2020-23481 | 1 Cmsmadesimple | 1 Cms Made Simple | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| CMS Made Simple 2.2.14 was discovered to contain a cross-site scripting (XSS) vulnerability which allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Field Definition text field. | |||||
| CVE-2020-12082 | 1 Flexera | 1 Flexnet Code Insight | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| A stored cross-site scripting issue impacts certain areas of the Web UI for Code Insight v7.x releases up to and including 2020 R1 (7.11.0-64). | |||||
| CVE-2021-23027 | 1 F5 | 14 Big-ip Access Policy Manager, Big-ip Advanced Firewall Manager, Big-ip Advanced Web Application Firewall and 11 more | 2021-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| On version 16.0.x before 16.0.1.2, 15.1.x before 15.1.3.1, and 14.1.x before 14.1.4.3, a DOM based cross-site scripting (XSS) vulnerability exists in an undisclosed page of the BIG-IP Configuration utility that allows an attacker to execute JavaScript in the context of the currently logged-in user. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | |||||
| CVE-2021-29809 | 1 Ibm | 1 Tivoli Netcool/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204270. | |||||
| CVE-2021-29808 | 1 Ibm | 1 Tivoli Netcool/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204269. | |||||
| CVE-2021-29807 | 1 Ibm | 1 Tivoli Netcool/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204265. | |||||
| CVE-2021-29806 | 1 Ibm | 1 Tivoli Netcool/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204264. | |||||
| CVE-2020-23659 | 1 Webport | 1 Web Port | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| WebPort-v1.19.17121 is affected by Cross Site Scripting (XSS) on the "connections" feature. | |||||
| CVE-2021-20746 | 1 Wordpress Popular Posts Project | 1 Wordpress Popular Posts | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site scripting vulnerability in WordPress Popular Posts 5.3.2 and earlier allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-29820 | 1 Ibm | 1 Tivoli Netcool/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204347. | |||||
| CVE-2021-29818 | 1 Ibm | 1 Tivoli Netcool/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204345. | |||||
| CVE-2021-29819 | 1 Ibm | 1 Tivoli Netcool/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204346. | |||||
| CVE-2021-29817 | 1 Ibm | 1 Tivoli Netcool/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204343. | |||||
| CVE-2021-29821 | 1 Ibm | 1 Tivoli Netcool/omnibus Webgui | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management and IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204348. | |||||
| CVE-2021-28901 | 1 Sitasoftware | 1 Azurcms | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| Multiple cross-site scripting (XSS) vulnerabilities exist in SITA Software Azur CMS 1.2.3.1 and earlier, which allows remote attackers to inject arbitrary web script or HTML via the (1) NOM_CLI , (2) ADRESSE , (3) ADRESSE2, (4) LOCALITE parameters to /eshop/products/json/aouCustomerAdresse; and the (5) nom_liste parameter to /eshop/products/json/addCustomerFavorite. | |||||
| CVE-2021-40238 | 1 Webuzo | 1 Webuzo | 2021-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| A Cross Site Scripting (XSS) vulnerability exists in the admin panel in Webuzo < 2.9.0 via an HTTP request to a non-existent page, which is activated by administrators viewing the "Error Log" page. An attacker can leverage this to achieve Unauthenticated Remote Code Execution via the "Cron Jobs" functionality of Webuzo. | |||||
| CVE-2021-33691 | 1 Sap | 1 Netweaver Development Infrastructure | 2021-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| NWDI Notification Service versions - 7.31, 7.40, 7.50, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. SAP NetWeaver Development Infrastructure Notification Service allows a threat actor to send crafted scripts to a victim. If the victim has an active session when the crafted script gets executed, the threat actor could compromise information in the victim's session, and gain access to some sensitive information also. | |||||
| CVE-2021-3811 | 1 Pi-hole | 1 Web Interface | 2021-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-33694 | 1 Sap | 1 Cloud Connector | 2021-09-28 | 3.5 LOW | 4.8 MEDIUM |
| SAP Cloud Connector, version - 2.0, does not sufficiently encode user-controlled inputs, allowing an attacker with Administrator rights, to include malicious codes that get stored in the database, and when accessed, could be executed in the application, resulting in Stored Cross-Site Scripting. | |||||
| CVE-2021-33696 | 1 Sap | 1 Businessobjects Business Intelligence | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| SAP BusinessObjects Business Intelligence Platform (Crystal Report), versions - 420, 430, does not sufficiently encode user controlled inputs and therefore an authorized attacker can exploit a XSS vulnerability, leading to non-permanently deface or modify displayed content from a Web site. | |||||
| CVE-2021-24525 | 1 Getshortcodes | 1 Shortcodes Ultimate | 2021-09-28 | 3.5 LOW | 5.4 MEDIUM |
| The Shortcodes Ultimate WordPress plugin before 5.10.2 allows users with Contributor roles to perform stored XSS via shortcode attributes. Note: the plugin is inconsistent in its handling of shortcode attributes; some do escape, most don't, and there are even some attributes that are insecure by design (like [su_button]'s onclick attribute). | |||||
| CVE-2021-3812 | 1 Pi-hole | 1 Web Interface | 2021-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |||||
| CVE-2021-20828 | 2 Activefusions, Ec-cube | 2 Order Status Batch Change, Ec-cube | 2021-09-28 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site scripting vulnerability in Order Status Batch Change Plug-in (for EC-CUBE 3.0 series) all versions allows a remote attacker to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-29810 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204279. | |||||
| CVE-2021-29813 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204331. | |||||
| CVE-2021-29812 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204330. | |||||
| CVE-2021-29814 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204334. | |||||
| CVE-2021-29815 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204340. | |||||
| CVE-2021-29832 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204824. | |||||
| CVE-2021-29833 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204825. | |||||
| CVE-2021-29905 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2021-09-27 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 207616. | |||||
