Total
43905 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-23863 | 1 Bosch | 1 Video Security | 2024-11-21 | 6.1 Medium |
| HTML code injection vulnerability in Android Application, Bosch Video Security, version 3.2.3. or earlier, when successfully exploited allows an attacker to inject random HTML code into a component loaded by WebView, thus allowing the Application to display web resources controlled by the attacker. | ||||
| CVE-2021-23860 | 1 Bosch | 4 Bosch Video Management System, Divar Ip 5000 Firmware, Divar Ip 7000 Firmware and 1 more | 2024-11-21 | 5 Medium |
| An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. To exploit this vulnerability an attack must be able to modify the HTTP header that is sent. This issue also affects installations of the DIVAR IP and BVMS with VRM installed. | ||||
| CVE-2021-23856 | 1 Bosch | 4 Rexroth Indramotion Mlc L20, Rexroth Indramotion Mlc L20 Firmware, Rexroth Indramotion Mlc L40 and 1 more | 2024-11-21 | 10 Critical |
| The web server is vulnerable to reflected XSS and therefore an attacker might be able to execute scripts on a client’s computer by sending the client a manipulated URL. | ||||
| CVE-2021-23854 | 1 Bosch | 8 Cpp13, Cpp13 Firmware, Cpp6 and 5 more | 2024-11-21 | 8.3 High |
| An error in the handling of a page parameter in Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. This issue only affects versions 7.7x and 7.6x. All other versions are not affected. | ||||
| CVE-2021-23848 | 1 Bosch | 10 Cpp13, Cpp13 Firmware, Cpp4 and 7 more | 2024-11-21 | 8.3 High |
| An error in the URL handler Bosch IP cameras may lead to a reflected cross site scripting (XSS) in the web-based interface. An attacker with knowledge of the camera address can send a crafted link to a user, which will execute javascript code in the context of the user. | ||||
| CVE-2021-23838 | 1 Flatcore | 1 Flatcore | 2024-11-21 | 4.8 Medium |
| An issue was discovered in flatCore before 2.0.0 build 139. A reflected XSS vulnerability was identified in the media_filter HTTP request body parameter for the acp interface. The affected parameter accepts malicious client-side script without proper input sanitization. For example, a malicious user can leverage this vulnerability to steal cookies from a victim user and perform a session-hijacking attack, which may then lead to unauthorized access to the site. | ||||
| CVE-2021-23836 | 1 Flatcore | 1 Flatcore | 2024-11-21 | 4.8 Medium |
| An issue was discovered in flatCore before 2.0.0 build 139. A stored XSS vulnerability was identified in the prefs_smtp_psw HTTP request body parameter for the acp interface. An admin user can inject malicious client-side script into the affected parameter without any form of input sanitization. The injected payload will be executed in the browser of a user whenever one visits the affected module page. | ||||
| CVE-2021-23824 | 1 Crowcpp | 1 Crow | 2024-11-21 | 6.5 Medium |
| This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the value entered into the template. If the template is used to render user-generated content, this vulnerability may escalate to a persistent XSS vulnerability. | ||||
| CVE-2021-23784 | 1 Tempura Project | 1 Tempura | 2024-11-21 | 5.4 Medium |
| This affects the package tempura before 0.4.0. If the input to the esc function is of type object (i.e an array) it is returned without being escaped/sanitized, leading to a potential Cross-Site Scripting vulnerability. | ||||
| CVE-2021-23673 | 1 Pekeupload Project | 1 Pekeupload | 2024-11-21 | 5.4 Medium |
| This affects all versions of package pekeupload. If an attacker induces a user to upload a file whose name contains javascript code, the javascript code will be executed. | ||||
| CVE-2021-23648 | 3 Fedoraproject, Paypal, Redhat | 4 Fedora, Braintree\/sanitize-url, Enterprise Linux and 1 more | 2024-11-21 | 5.4 Medium |
| The package @braintree/sanitize-url before 6.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper sanitization in sanitizeUrl function. | ||||
| CVE-2021-23445 | 2 Datatables, Redhat | 2 Datatables.net, Jboss Enterprise Application Platform | 2024-11-21 | 3.1 Low |
| This affects the package datatables.net before 1.11.3. If an array is passed to the HTML escape entities function it would not have its contents escaped. | ||||
| CVE-2021-23439 | 1 Johndatserakis | 1 File-upload-with-preview | 2024-11-21 | 4.2 Medium |
| This affects the package file-upload-with-preview before 4.2.0. A file containing malicious JavaScript code in the name can be uploaded (a user needs to be tricked into uploading such a file). | ||||
| CVE-2021-23416 | 1 Curly-bracket-parser Project | 1 Curly-bracket-parser | 2024-11-21 | 5.4 Medium |
| This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input. | ||||
| CVE-2021-23414 | 2 Fedoraproject, Videojs | 2 Fedora, Video.js | 2024-11-21 | 6.5 Medium |
| This affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code. | ||||
| CVE-2021-23411 | 1 Anchorme Project | 1 Anchorme | 2024-11-21 | 5.4 Medium |
| Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the main functionality. It accepts input that can result in the output (an anchor a tag) containing undesirable Javascript code that can be executed upon user interaction. | ||||
| CVE-2021-23398 | 1 React-bootstrap-table Project | 1 React-bootstrap-table | 2024-11-21 | 6.1 Medium |
| All versions of package react-bootstrap-table are vulnerable to Cross-site Scripting (XSS) via the dataFormat parameter. The problem is triggered when an invalid React element is returned, leading to dangerouslySetInnerHTML being used, which does not sanitize the output. | ||||
| CVE-2021-23347 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 4.7 Medium |
| The package github.com/argoproj/argo-cd/cmd before 1.7.13, from 1.8.0 and before 1.8.6 are vulnerable to Cross-site Scripting (XSS) the SSO provider connected to Argo CD would have to send back a malicious error message containing JavaScript to the user. | ||||
| CVE-2021-23342 | 1 Docsifyjs | 1 Docsify | 2024-11-21 | 8.6 High |
| This affects the package docsify before 4.12.0. It is possible to bypass the remediation done by CVE-2020-7680 and execute malicious JavaScript through the following methods 1) When parsing HTML from remote URLs, the HTML code on the main page is sanitized, but this sanitization is not taking place in the sidebar. 2) The isURL external check can be bypassed by inserting more “////” characters | ||||
| CVE-2021-23327 | 1 Fusioncharts | 1 Apexcharts | 2024-11-21 | 6.3 Medium |
| The package apexcharts before 3.24.0 are vulnerable to Cross-site Scripting (XSS) via lack of sanitization of graph legend fields. | ||||