Search Results (45736 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38126 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2024-11-21 | 6.1 Medium |
| Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). | ||||
| CVE-2021-38113 | 1 Openwebif Project | 1 Openwebif | 2024-11-21 | 5.4 Medium |
| In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS. | ||||
| CVE-2021-38087 | 1 Acronis | 1 Cyber Protect | 2024-11-21 | 6.1 Medium |
| Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009. | ||||
| CVE-2021-37999 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 6.1 Medium |
| Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. | ||||
| CVE-2021-37916 | 1 Joplin Project | 1 Joplin | 2024-11-21 | 6.1 Medium |
| Joplin before 2.0.9 allows XSS via button and form in the note body. | ||||
| CVE-2021-37910 | 1 Asus | 10 Gt-axe11000, Gt-axe11000 Firmware, Rt-ax3000 and 7 more | 2024-11-21 | 3.7 Low |
| The ASUS routers' Wi-Fi Protected Access protocol (WPA2 and WPA3-SAE) has an improper control of interaction frequency vulnerability: an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames. | ||||
| CVE-2021-37860 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 3.7 Low |
| Mattermost 5.38 and earlier fails to sufficiently sanitize clipboard contents, which allows a user-assisted attacker to inject arbitrary web script in product deployments that explicitly disable the default CSP. | ||||
| CVE-2021-37859 | 1 Mattermost | 1 Mattermost | 2024-11-21 | 7.1 High |
| Fixed a bypass for a reflected cross-site scripting vulnerability affecting OAuth-enabled instances of Mattermost. | ||||
| CVE-2021-37833 | 1 Digitaldruid | 1 Hoteldruid | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability exists in multiple pages in version 3.0.2 of the Hotel Druid application that allows for arbitrary execution of JavaScript commands. | ||||
| CVE-2021-37805 | 1 Phpgurukul | 1 Vehicle Parking Management System | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in Sourcecodeste Vehicle Parking Management System version 1.0 via the add-vehicle.php endpoint. | ||||
| CVE-2021-37794 | 1 Filebrowser Project | 1 Filebrowser | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in FileBrowser < v2.16.0 that allows an authenticated user who is authorized to upload files to upload a malicious .svg file which acts as a stored XSS payload. If this stored XSS payload is triggered by an administrator, it will trigger malicious OS commands on the server running the FileBrowser instance. | ||||
| CVE-2021-37743 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| app/View/GalaxyElements/ajax/index.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster elements in JSON format. | ||||
| CVE-2021-37742 | 1 Misp | 1 Misp | 2024-11-21 | 5.4 Medium |
| app/View/Elements/GalaxyClusters/view_relation_tree.ctp in MISP 2.4.147 allows Stored XSS when viewing galaxy cluster relationships. | ||||
| CVE-2021-37715 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 4.8 Medium |
| A remote cross-site scripting (XSS) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.13.0. Aruba has released upgrades for the Aruba AirWave Management Platform that address this security vulnerability. | ||||
| CVE-2021-37710 | 1 Shopware | 1 Shopware | 2024-11-21 | 8 High |
| Shopware is an open source eCommerce platform. Versions prior to 6.4.3.1 contain a Cross-Site Scripting vulnerability via SVG media files. Version 6.4.3.1 contains a patch. As workarounds for older versions of 6.1, 6.2, and 6.3, corresponding security measures are also available via a plugin. | ||||
| CVE-2021-37700 | 1 Paste-markdown Project | 1 Paste-markdown | 2024-11-21 | 6.5 Medium |
| @github/paste-markdown is an npm package for pasting markdown objects. A self cross-site scripting vulnerability exists in @github/paste-markdown before version 0.3.4. If the clipboard data contains the string `<table>`, a **div** is dynamically created, and the clipboard content is copied into its **innerHTML** property without any sanitization, resulting in improper execution of JavaScript in the browser of the victim (the user who pasted the code). Users directed to copy text from a malicious website and paste it into pages that utilize this library are affected. This is fixed in version 0.3.4. Refer to the referenced GitHub Advisory for more details, including an example exploit. | ||||
| CVE-2021-37695 | 4 Ckeditor, Debian, Fedoraproject and 1 more | 12 Ckeditor, Debian Linux, Fedora and 9 more | 2024-11-21 | 7.3 High |
| ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in the CKEditor 4 [Fake Objects](https://ckeditor.com/cke4/addon/fakeobjects) package. The vulnerability allowed injection of malformed Fake Objects HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version < 4.16.2. The problem has been recognized and patched. The fix will be available in version 4.16.2. | ||||
| CVE-2021-37634 | 1 Vapor | 1 Leafkit | 2024-11-21 | 7.4 High |
| Leafkit is a templating language with Swift-inspired syntax. Versions prior to 1.3.0 are susceptible to Cross-site Scripting (XSS) attacks. This affects anyone passing unsanitised data to Leaf's variable tags. Before this fix, Leaf would not escape any strings passed to tags as variables. If an attacker managed to find a variable that was rendered with their unsanitised data, they could inject scripts into a generated Leaf page, which could enable XSS attacks if other mitigations such as a Content Security Policy were not enabled. This has been patched in 1.3.0. As a workaround, sanitize any untrusted input before passing it to Leaf and enable a CSP to block inline script and CSS data. | ||||
| CVE-2021-37633 | 1 Discourse | 1 Discourse | 2024-11-21 | 7.4 High |
| Discourse is an open source discussion platform. In versions prior to 2.7.8, rendering of d-popover tooltips can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse's default Content Security Policy. This issue is patched in the latest `stable` 2.7.8 version of Discourse. As a workaround, users may ensure that the Content Security Policy is enabled and has not been modified in a way which would make it more vulnerable to XSS attacks. | ||||
| CVE-2021-37596 | 1 Telegram | 1 Web K Alpha | 2024-11-21 | 6.1 Medium |
| Telegram Web K Alpha 0.6.1 allows XSS via a document name. | ||||