Total
44771 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-36755 | 1 Cgm-remote-monitor Project | 1 Cgm-remote-monitor | 2024-11-21 | 6.1 Medium |
| Nightscout Web Monitor (aka cgm-remote-monitor) 14.2.2 allows XSS via a crafted X-Forwarded-For header. | ||||
| CVE-2021-36747 | 1 Blackboard | 1 Blackboard Learn | 2024-11-21 | 5.4 Medium |
| Blackboard Learn through 9.1 allows XSS by an authenticated user via the Feedback to Learner form. | ||||
| CVE-2021-36746 | 1 Blackboard | 1 Blackboard Learn | 2024-11-21 | 5.4 Medium |
| Blackboard Learn through 9.1 allows XSS by an authenticated user via the Assignment Instructions HTML editor. | ||||
| CVE-2021-36738 | 1 Apache | 1 Pluto | 2024-11-21 | 6.1 Medium |
| The input fields in the JSP version of the Apache Pluto Applicant MVCBean CDI portlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the applicant-mvcbean-cdi-jsp-portlet.war artifact | ||||
| CVE-2021-36737 | 1 Apache | 1 Pluto | 2024-11-21 | 6.1 Medium |
| The input fields of the Apache Pluto UrlTestPortlet are vulnerable to Cross-Site Scripting (XSS) attacks. Users should migrate to version 3.1.1 of the v3-demo-portlet.war artifact | ||||
| CVE-2021-36720 | 1 Pineapp | 1 Mail Secure | 2024-11-21 | 6.1 Medium |
| PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=<script>alert(1)</script> and stealing cookies . | ||||
| CVE-2021-36703 | 1 Htmly | 1 Htmly | 2024-11-21 | 6.1 Medium |
| The "blog title" field in the "Settings" menu "config" page of "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send an authenticated post HTTP request to admin/config and inject arbitrary web script or HTML through a special website name. | ||||
| CVE-2021-36702 | 1 Htmly | 1 Htmly | 2024-11-21 | 6.1 Medium |
| The "content" field in the "regular post" page of the "add content" menu under "dashboard" in htmly 2.8.1 has a storage cross site scripting (XSS) vulnerability. It allows remote attackers to send authenticated post-http requests to add / content and inject arbitrary web scripts or HTML through special content. | ||||
| CVE-2021-36698 | 1 Artica | 1 Pandora Fms | 2024-11-21 | 5.4 Medium |
| Pandora FMS through 755 allows XSS via a new Event Filter with a crafted name. | ||||
| CVE-2021-36696 | 1 Deskpro | 1 Deskpro | 2024-11-21 | 5.4 Medium |
| Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in social media links on a user profile due to lack of input validation. | ||||
| CVE-2021-36695 | 1 Deskpro | 1 Deskpro | 2024-11-21 | 5.4 Medium |
| Deskpro cloud and on-premise Deskpro 2021.1.6 and fixed in Deskpro 2021.1.7 contains a cross-site scripting (XSS) vulnerability in the download file feature on a manager profile due to lack of input validation. | ||||
| CVE-2021-36654 | 1 Cmsuno Project | 1 Cmsuno | 2024-11-21 | 5.4 Medium |
| CMSuno 1.7 is vulnerable to an authenticated stored cross site scripting in modifying the filename parameter (tgo) while updating the theme. | ||||
| CVE-2021-36646 | 1 Kodcloud | 1 Kodexplorer | 2024-11-21 | 6.1 Medium |
| A Cross Site Scrtpting (XSS) vulnerability in KodExplorer 4.45 allows remote attackers to run arbitrary code via /index.php page. | ||||
| CVE-2021-36609 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /linkedcontent/editfolder.php. | ||||
| CVE-2021-36608 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in webTareas 2.2p1 via the Name field to /projects/editproject.php. | ||||
| CVE-2021-36605 | 1 Engineercms Project | 1 Engineercms | 2024-11-21 | 5.4 Medium |
| engineercms 1.03 is vulnerable to Cross Site Scripting (XSS). There is no escaping in the nickname field on the user list page. When viewing this page, the JavaScript code will be executed in the user's browser. | ||||
| CVE-2021-36601 | 1 Get-simple | 1 Getsimplecms | 2024-11-21 | 6.1 Medium |
| GetSimpleCMS 3.3.16 contains a cross-site Scripting (XSS) vulnerability, where Function TSL does not filter check settings.php Website URL: "siteURL" parameter. | ||||
| CVE-2021-36568 | 2 Fedoraproject, Moodle | 2 Fedora, Moodle | 2024-11-21 | 5.4 Medium |
| In certain Moodle products after creating a course, it is possible to add in a arbitrary "Topic" a resource, in this case a "Database" with the type "Text" where its values "Field name" and "Field description" are vulnerable to Cross Site Scripting Stored(XSS). This affects Moodle 3.11 and Moodle 3.10.4 and Moodle 3.9.7. | ||||
| CVE-2021-36563 | 1 Checkmk | 1 Checkmk | 2024-11-21 | 5.4 Medium |
| The CheckMK management web console (versions 1.5.0 to 2.0.0) does not sanitise user input in various parameters of the WATO module. This allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts), the XSS payload will be triggered when the user accesses some specific sections of the application. In the same sense a very dangerous potential way would be when an attacker who has the monitor role (not administrator) manages to get a stored XSS to steal the secretAutomation (for the use of the API in administrator mode) and thus be able to create another administrator user who has high privileges on the CheckMK monitoring web console. Another way is that persistent XSS allows an attacker to modify the displayed content or change the victim's information. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session. | ||||
| CVE-2021-36551 | 1 Tiki | 1 Tikiwiki Cms\/groupware | 2024-11-21 | 5.4 Medium |
| TikiWiki v21.4 was discovered to contain a cross-site scripting (XSS) vulnerability in the component tiki-calendar.php. This vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload under the Add Event module. | ||||