Total
65469 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-0437 | 1 Karma Project | 1 Karma | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Cross-site Scripting (XSS) - DOM in NPM karma prior to 6.3.14. | |||||
| CVE-2021-41015 | 1 Fortinet | 1 Fortiweb | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or commands via crafted HTTP requests to SAML login handler | |||||
| CVE-2021-24610 | 1 Cozmoslabs | 1 Translatepress | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| The TranslatePress WordPress plugin before 2.0.9 does not implement a proper sanitisation on the translated strings. The 'trp_sanitize_string' function only removes script tag with a regex, still allowing other HTML tags and attributes to execute javascript, which could lead to authenticated Stored Cross-Site Scripting issues. | |||||
| CVE-2021-39126 | 1 Atlassian | 2 Jira Data Center, Jira Server | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| Affected versions of Atlassian Jira Server and Data Center allow remote attackers to modify various resources via a Cross-Site Request Forgery (CSRF) vulnerability, following an Information Disclosure vulnerability in the referrer headers which discloses a user's CSRF token. The affected versions are before version 8.5.10, and from version 8.6.0 before 8.13.1. | |||||
| CVE-2021-30659 | 1 Apple | 4 Ipados, Iphone Os, Macos and 1 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A validation issue was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. A malicious application may be able to leak sensitive user information. | |||||
| CVE-2021-46477 | 1 Jsish | 1 Jsish | 2023-12-10 | 4.3 MEDIUM | 5.5 MEDIUM |
| Jsish v3.5.0 was discovered to contain a heap buffer overflow via RegExp_constructor in src/jsiRegexp.c. This vulnerability can lead to a Denial of Service (DoS). | |||||
| CVE-2021-24608 | 1 Strategy11 | 1 Formidable Form Builder | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| The Formidable Form Builder – Contact Form, Survey & Quiz Forms Plugin for WordPress plugin before 5.0.07 does not sanitise and escape its Form's Labels, allowing high privileged users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed | |||||
| CVE-2022-23807 | 1 Phpmyadmin | 1 Phpmyadmin | 2023-12-10 | 4.0 MEDIUM | 4.3 MEDIUM |
| An issue was discovered in phpMyAdmin 4.9 before 4.9.8 and 5.1 before 5.1.2. A valid user who is already authenticated to phpMyAdmin can manipulate their account to bypass two-factor authentication for future login instances. | |||||
| CVE-2022-0260 | 1 Pimcore | 1 Pimcore | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| Cross-site Scripting (XSS) - Stored in GitHub repository pimcore/pimcore prior to 10.2.7. | |||||
| CVE-2021-1811 | 1 Apple | 8 Icloud, Ipados, Iphone Os and 5 more | 2023-12-10 | 4.3 MEDIUM | 6.5 MEDIUM |
| A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory. | |||||
| CVE-2021-38877 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 208405. | |||||
| CVE-2022-22846 | 1 Dnslib Project | 1 Dnslib | 2023-12-10 | 5.0 MEDIUM | 5.3 MEDIUM |
| The dnslib package through 0.9.16 for Python does not verify that the ID value in a DNS reply matches an ID value in a query. | |||||
| CVE-2021-39344 | 1 Kajoom | 1 Kjm Admin Notices | 2023-12-10 | 2.1 LOW | 4.8 MEDIUM |
| The KJM Admin Notices WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/admin/class-kjm-admin-notices-admin.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 2.0.1. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled. | |||||
| CVE-2021-34855 | 1 Parallels | 1 Parallels Desktop | 2023-12-10 | 2.1 LOW | 6.5 MEDIUM |
| This vulnerability allows local attackers to disclose sensitive information on affected installations of Parallels Desktop 16.1.3 (49160). An attacker must first obtain the ability to execute low-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the Toolgate component. The issue results from the lack of proper initialization of memory prior to accessing it. An attacker can leverage this in conjunction with other vulnerabilities to escalate privileges and execute arbitrary code in the context of the hypervisor. Was ZDI-CAN-13592. | |||||
| CVE-2021-33697 | 1 Sap | 1 Businessobjects Business Intelligence | 2023-12-10 | 5.8 MEDIUM | 6.1 MEDIUM |
| Under certain conditions, SAP BusinessObjects Business Intelligence Platform (SAPUI5), versions - 420, 430, can allow an unauthenticated attacker to redirect users to a malicious site due to Reverse Tabnabbing vulnerabilities. | |||||
| CVE-2021-29810 | 3 Ibm, Linux, Microsoft | 4 Aix, Jazz For Service Management, Linux Kernel and 1 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| IBM Jazz for Service Management 1.1.3.10 and IBM Tivoli Netcool/OMNIbus_GUI is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 204279. | |||||
| CVE-2022-23110 | 1 Jenkins | 1 Publish Over Ssh | 2023-12-10 | 3.5 LOW | 4.8 MEDIUM |
| Jenkins Publish Over SSH Plugin 1.22 and earlier does not escape the SSH server name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Overall/Administer permission. | |||||
| CVE-2021-31373 | 1 Juniper | 28 Junos, Srx100, Srx110 and 25 more | 2023-12-10 | 3.5 LOW | 5.4 MEDIUM |
| A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. An attacker can exploit this vulnerability to steal sensitive data and credentials from a web administration session, or hijack another user's active session to perform administrative actions. This issue affects: Juniper Networks Junos OS on SRX Series: 18.2 versions prior to 18.2R3-S8; 18.3 versions prior to 18.3R3-S5; 18.4 versions prior to 18.4R3-S8; 19.1 versions prior to 19.1R3-S5; 19.2 versions prior to 19.2R1-S7, 19.2R3-S3; 19.3 versions prior to 19.3R2-S6, 19.3R3-S3; 19.4 versions prior to 19.4R1-S4, 19.4R2-S4, 19.4R3-S3; 20.1 versions prior to 20.1R2-S2, 20.1R3; 20.2 versions prior to 20.2R3-S1; 20.3 versions prior to 20.3R2-S1, 20.3R3. | |||||
| CVE-2021-0625 | 1 Google | 1 Android | 2023-12-10 | 7.2 HIGH | 6.7 MEDIUM |
| In ccu, there is a possible memory corruption due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS05594996; Issue ID: ALPS05594996. | |||||
| CVE-2021-45416 | 1 Rosariosis | 1 Rosariosis | 2023-12-10 | 4.3 MEDIUM | 6.1 MEDIUM |
| Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. | |||||