Total
44102 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42061 | 1 Sap | 1 Businessobjects Business Intelligence Platform | 2024-11-21 | 5.4 Medium |
| SAP BusinessObjects Business Intelligence Platform (Web Intelligence) - version 420, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. This allows a low privileged attacker to retrieve some data from the victim but will never be able to modify the document and publish these modifications to the server. It impacts the "Quick Prompt" workflow. | ||||
| CVE-2021-42053 | 1 Django-unicorn | 1 Unicorn | 2024-11-21 | 5.4 Medium |
| The Unicorn framework through 0.35.3 for Django allows XSS via component.name. | ||||
| CVE-2021-42051 | 1 Abantecart | 1 Abantecart | 2024-11-21 | 5.4 Medium |
| An issue was discovered in AbanteCart before 1.3.2. Any low-privileged user with file-upload permissions can upload a malicious SVG document that contains an XSS payload. | ||||
| CVE-2021-42050 | 1 Abantecart | 1 Abantecart | 2024-11-21 | 6.1 Medium |
| An issue was discovered in AbanteCart before 1.3.2. It allows DOM Based XSS. | ||||
| CVE-2021-42048 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.8 Medium |
| An issue was discovered in the Growth extension in MediaWiki through 1.36.2. Any admin can add arbitrary JavaScript code to the Newcomer home page footer, which can be executed by viewers with zero edits. | ||||
| CVE-2021-42047 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.4 Medium |
| An issue was discovered in the Growth extension in MediaWiki through 1.36.2. On any Wiki with the Mentor Dashboard feature enabled, users can login with a mentor account and trigger an XSS payload (such as alert) via Growthexperiments-mentor-dashboard-mentee-overview-no-js-fallback. | ||||
| CVE-2021-42046 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the GlobalWatchlist extension in MediaWiki through 1.36.2. The rev-deleted-user and ntimes messages were not properly escaped and allowed for users to inject HTML and JavaScript. | ||||
| CVE-2021-42045 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.4 Medium |
| An issue was discovered in SecurePoll in the Growth extension in MediaWiki through 1.36.2. Simple polls allow users to create alerts by changing their User-Agent HTTP header and submitting a vote. | ||||
| CVE-2021-42044 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.8 Medium |
| An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messages were not being properly sanitized and allowed for the injection and execution of HTML and JavaScript. | ||||
| CVE-2021-42043 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text (a parameter to mediasearch-did-you-mean) was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator within the query. | ||||
| CVE-2021-42042 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.8 Medium |
| An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript. | ||||
| CVE-2021-42041 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 6.1 Medium |
| An issue was discovered in CentralAuth in MediaWiki through 1.36.2. The rightsnone MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the setchange log. | ||||
| CVE-2021-41962 | 1 Vehicle Service Management System Project | 1 Vehicle Service Management System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Vehicle Service Management System 1.0 via the Owner fullname parameter in a Send Service Request in vehicle_service. | ||||
| CVE-2021-41952 | 1 Tribalsystems | 1 Zenario | 2024-11-21 | 4.8 Medium |
| Zenario CMS 9.0.54156 is vulnerable to Cross Site Scripting (XSS) via upload file to *.SVG. An attacker can send malicious files to victims and steals victim's cookie leads to account takeover. The person viewing the image of a contact can be victim of XSS. | ||||
| CVE-2021-41951 | 1 Montala | 1 Resourcespace | 2024-11-21 | 6.1 Medium |
| ResourceSpace before 9.6 rev 18290 is affected by a reflected Cross-Site Scripting vulnerability in plugins/wordpress_sso/pages/index.php via the wordpress_user parameter. If an attacker is able to persuade a victim to visit a crafted URL, malicious JavaScript content may be executed within the context of the victim's browser. | ||||
| CVE-2021-41948 | 1 Intelliants | 1 Subrion | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability exists in the "contact us" plugin for Subrion CMS <= 4.2.1 version via "List of subjects". | ||||
| CVE-2021-41946 | 1 Fiberhome | 2 Hg150-ub, Hg150-ub Firmware | 2024-11-21 | 5.4 Medium |
| In FiberHome VDSL2 Modem HG150-Ub_V3.0, a stored cross-site scripting (XSS) vulnerability in Parental Control --> Access Time Restriction --> Username field, a user cannot delete the rule due to the XSS. | ||||
| CVE-2021-41930 | 1 Online Covid Vaccination Scheduler System Project | 1 Online Covid Vaccination Scheduler System | 2024-11-21 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Sourcecodester Online Covid Vaccination Scheduler System v1 by oretnom23, allows attackers to execute arbitrary code via the lid parameter to /scheduler/addSchedule.php. | ||||
| CVE-2021-41929 | 1 The Electric Billing Management System Project | 1 The Electric Billing Management System | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Sourcecodester The Electric Billing Management System 1.0 by oretnom23, allows attackers to execute arbitrary code via the about page. | ||||
| CVE-2021-41924 | 1 Webkul | 1 Krayin | 2024-11-21 | 6.1 Medium |
| Webkul krayin crm before 1.2.2 is vulnerable to Cross Site Scripting (XSS). | ||||