Total
43965 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26549 | 1 Smartfoxserver | 1 Smartfoxserver | 2024-11-21 | 5.4 Medium |
| An XSS issue was discovered in SmartFoxServer 2.17.0. Input passed to the AdminTool console is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML code in a user's browser session in context of an affected site. | ||||
| CVE-2021-26475 | 1 Eprints | 1 Eprints | 2024-11-21 | 6.1 Medium |
| EPrints 3.4.2 exposes a reflected XSS opportunity via a cgi/cal URI. | ||||
| CVE-2021-26304 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2024-11-21 | 5.4 Medium |
| PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the add-expense.php Item parameter. | ||||
| CVE-2021-26303 | 1 Phpgurukul | 1 Daily Expense Tracker System | 2024-11-21 | 6.1 Medium |
| PHPGurukul Daily Expense Tracker System 1.0 is vulnerable to stored XSS via the user-profile.php Full Name field. | ||||
| CVE-2021-26263 | 1 Odoo | 3 Odoo, Odoo Community, Odoo Enterprise | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) issue in Discuss app of Odoo Community 14.0 through 15.0, and Odoo Enterprise 14.0 through 15.0, allows remote attackers to inject arbitrary web script in the browser of a victim, by posting crafted contents. | ||||
| CVE-2021-26247 | 1 Cacti | 1 Cacti | 2024-11-21 | 6.1 Medium |
| As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter. | ||||
| CVE-2021-26230 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the user information to save_user.php. | ||||
| CVE-2021-26227 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the student information parameters to edit_stud.php. | ||||
| CVE-2021-26224 | 1 Fantastic Blog Project | 1 Fantastic Blog | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in SourceCodester Fantastic-Blog-CMS V 1.0 allows remote attackers to inject arbitrary web script or HTML via the search field to search.php. | ||||
| CVE-2021-26123 | 1 Livinglogic | 1 Xist4c | 2024-11-21 | 6.1 Medium |
| LivingLogic XIST4C before 0.107.8 allows XSS via login.htm, login.wihtm, or login-form.htm. | ||||
| CVE-2021-26122 | 1 Livinglogic | 1 Xist4c | 2024-11-21 | 6.1 Medium |
| LivingLogic XIST4C before 0.107.8 allows XSS via feedback.htm or feedback.wihtm. | ||||
| CVE-2021-26092 | 1 Fortinet | 2 Fortios, Fortiproxy | 2024-11-21 | 4.7 Medium |
| Failure to sanitize input in the SSL VPN web portal of FortiOS 5.2.10 through 5.2.15, 5.4.0 through 5.4.13, 5.6.0 through 5.6.14, 6.0.0 through 6.0.12, 6.2.0 through 6.2.7, 6.4.0 through 6.4.4; and FortiProxy 1.2.0 through 1.2.9, 2.0.0 through 2.0.1 may allow a remote unauthenticated attacker to perform a reflected Cross-site Scripting (XSS) attack by sending a request to the error page with malicious GET parameters. | ||||
| CVE-2021-26083 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 5.4 Medium |
| Export HTML Report in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability. | ||||
| CVE-2021-26082 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 5.4 Medium |
| The XML Export in Atlassian Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before 8.13.6, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a stored cross site scripting vulnerability. | ||||
| CVE-2021-26080 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2024-11-21 | 6.1 Medium |
| EditworkflowScheme.jspa in Jira Server and Jira Data Center before version 8.5.14, and from version 8.6.0 before version 8.13.6, and from 8.14.0 before 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | ||||
| CVE-2021-26079 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 6.1 Medium |
| The CardLayoutConfigTable component in Jira Server and Jira Data Center before version 8.5.15, and from version 8.6.0 before version 8.13.7, and from version 8.14.0 before 8.17.0 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | ||||
| CVE-2021-26078 | 1 Atlassian | 3 Data Center, Jira, Jira Server | 2024-11-21 | 6.1 Medium |
| The number range searcher component in Jira Server and Jira Data Center before version 8.5.14, from version 8.6.0 before version 8.13.6, and from version 8.14.0 before version 8.16.1 allows remote attackers to inject arbitrary HTML or JavaScript via a cross site scripting (XSS) vulnerability. | ||||
| CVE-2021-26023 | 1 Nagios | 2 Favorites, Nagios Xi | 2024-11-21 | 6.1 Medium |
| The Favorites component before 1.0.2 for Nagios XI 5.8.0 is vulnerable to XSS. | ||||
| CVE-2021-25959 | 1 Opencrx | 1 Opencrx | 2024-11-21 | 6.1 Medium |
| In OpenCRX, versions v4.0.0 through v5.1.0 are vulnerable to reflected Cross-site Scripting (XSS), due to unsanitized parameters in the password reset functionality. This allows execution of external JavaScript files on any user of the openCRX instance. | ||||
| CVE-2021-25955 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 9 Critical |
| In “Dolibarr ERP CRM”, WYSIWYG Editor module, v2.8.1 to v13.0.2 are affected by a stored XSS vulnerability that allows low-privileged application users to store malicious scripts in the “Private Note” field at the “/adherents/note.php?id=1” endpoint. These scripts are executed in a victim’s browser when they open the page containing the vulnerable field. In the worst case, the victim who inadvertently triggers the attack is a highly privileged administrator. The injected scripts can extract the session ID, which can lead to full account takeover of the admin, and, due to another vulnerability (Improper Access Control on private notes), a low-privileged user can update the private notes, which could lead to privilege escalation. | ||||