CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 3 and 3.99)

# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1101 CVE-2021-20506 79 XSS 2021-03-30 2021-03-31
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231.
1102 CVE-2021-20505 2021-07-29 2021-08-09
3.5
None Remote Medium ??? Partial None None
The PowerVM Logical Partition Mobility (LPM) (PowerVM Hypervisor FW920, FW930, FW940, and FW950) encryption key exchange protocol can be compromised. If an attacker has the ability to capture encrypted LPM network traffic and is able to gain service access to the FSP, they can use this information to perform a series of PowerVM service procedures to decrypt the captured migration traffic. IBM X-Force ID: 198232.
1103 CVE-2021-20504 79 XSS 2021-03-30 2021-03-31
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198231.
1104 CVE-2021-20503 79 XSS 2021-03-30 2021-03-31
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 198182.
1105 CVE-2021-20488 668 2021-06-16 2021-06-21
3.5
None Remote Medium ??? None Partial None
IBM Security Identity Manager 6.0.2 could allow an authenticated malicious user to change the passwords of other users in the Windows AD environment when IBM Security Identity Manager Windows Password Synch Plug-in is deployed and configured. IBM X-Force ID: 197789.
1106 CVE-2021-20484 79 XSS 2021-09-23 2021-09-29
3.5
None Remote Medium ??? None Partial None
IBM Sterling File Gateway 2.2.0.0 through 6.1.0.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 197666.
1107 CVE-2021-20477 79 XSS 2021-06-29 2021-06-30
3.5
None Remote Medium ??? None Partial None
IBM Planning Analytics 2.0 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196949.
1108 CVE-2021-20448 79 XSS 2021-04-27 2021-05-03
3.5
None Remote Medium ??? None Partial None
IBM Content Navigator 3.0.CD is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196624.
1109 CVE-2021-20447 79 XSS 2021-03-30 2021-03-31
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196623.
1110 CVE-2021-20446 79 XSS 2021-02-18 2021-02-19
3.5
None Remote Medium ??? None Partial None
IBM Maximo for Civil Infrastructure 7.6.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 196622.
1111 CVE-2021-20410 312 2021-02-12 2021-02-12
3.5
None Remote Medium ??? Partial None None
IBM Security Verify Information Queue 1.0.6 and 1.0.7 sends user credentials in plain clear text which can be read by an authenticated user using man in the middle techniques. IBM X-Force ID: 198190.
1112 CVE-2021-20374 79 XSS 2021-05-19 2021-05-26
3.5
None Remote Medium ??? None Partial None
IBM Maximo Asset Management 7.6.0 and 7.6.1 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195522.
1113 CVE-2021-20368 79 XSS 2021-07-13 2021-07-14
3.5
None Remote Medium ??? None Partial None
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195357.
1114 CVE-2021-20366 79 XSS 2021-07-13 2021-07-14
3.5
None Remote Medium ??? None Partial None
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195037.
1115 CVE-2021-20365 79 XSS 2021-07-13 2021-07-14
3.5
None Remote Medium ??? None Partial None
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195036.
1116 CVE-2021-20364 79 XSS 2021-07-13 2021-07-14
3.5
None Remote Medium ??? None Partial None
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195035.
1117 CVE-2021-20363 79 XSS 2021-07-13 2021-07-14
3.5
None Remote Medium ??? None Partial None
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195034.
1118 CVE-2021-20362 79 XSS 2021-07-13 2021-07-14
3.5
None Remote Medium ??? None Partial None
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195033.
1119 CVE-2021-20361 79 XSS 2021-07-13 2021-07-14
3.5
None Remote Medium ??? None Partial None
IBM Cloud Pak for Applications 4.3 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 195032.
1120 CVE-2021-20357 79 XSS 2021-01-27 2021-01-29
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194963.
1121 CVE-2021-20352 79 XSS 2021-03-30 2021-03-31
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation Products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194710.
1122 CVE-2021-20351 79 XSS 2021-03-04 2021-03-05
3.5
None Remote Medium ??? None Partial None
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194708.
1123 CVE-2021-20350 79 XSS 2021-03-04 2021-03-05
3.5
None Remote Medium ??? None Partial None
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194707.
1124 CVE-2021-20340 79 XSS 2021-03-04 2021-03-05
3.5
None Remote Medium ??? None Partial None
IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194451.
1125 CVE-2021-20338 79 XSS 2021-06-02 2021-06-07
3.5
None Remote Medium ??? None Partial None
IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 194449.
1126 CVE-2021-20336 79 XSS 2021-03-11 2021-03-17
3.5
None Remote Medium ??? None Partial None
IBM Tivoli Netcool/OMNIbus_GUI 8.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
1127 CVE-2021-20331 200 Exec Code +Info 2021-05-13 2021-06-03
3.5
None Remote Medium ??? Partial None None
Specific versions of the MongoDB C# Driver may erroneously publish events containing authentication-related data to a command listener configured by an application. The published events may contain security-sensitive data when commands such as "saslStart", "saslContinue", "isMaster", "createUser", and "updateUser" are executed. Without due care, an application may inadvertently expose this authentication-related information, e.g., by writing it to a log file. This issue only arises if an application enables the command listener feature (this is not enabled by default). This issue affects the MongoDB C# Driver 2.12 <= 2.12.1.
1128 CVE-2021-20280 79 XSS 2021-03-15 2021-11-30
3.5
None Remote Medium ??? None Partial None
Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in Moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
1129 CVE-2021-20279 79 XSS 2021-03-15 2021-03-23
3.5
None Remote Medium ??? None Partial None
The ID number user profile field required additional sanitizing to prevent a stored XSS risk in Moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.
1130 CVE-2021-20253 552 2021-03-09 2021-06-02
3.5
None Local High ??? Partial Partial Partial
A flaw was found in ansible-tower. The default installation is vulnerable to Job Isolation escape allowing an attacker to elevate the privilege from a low privileged user to the awx user from outside the isolated environment. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
1131 CVE-2021-20197 59 2021-03-26 2021-05-28
3.3
None Local Medium Not required Partial Partial None
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier: ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.
1132 CVE-2021-20128 79 XSS 2021-10-13 2021-10-19
3.5
None Remote Medium ??? None Partial None
The Profile Name field in the floor plan (Network Menu) page in Draytek VigorConnect 1.6.0-B3 was found to be vulnerable to stored XSS, as user input is not properly sanitized.
1133 CVE-2021-20112 79 XSS 2021-07-30 2021-08-02
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_select_mediafile.php with a filename beginning with a period will be rendered as text/html. An attacker with access to tce_select_mediafile.php could upload a malicious JavaScript payload which would be triggered when another user views the file.
1134 CVE-2021-20111 79 XSS 2021-07-30 2021-08-02
3.5
None Remote Medium ??? None Partial None
A stored cross-site scripting vulnerability exists in TCExam <= 14.8.1. Valid files uploaded via tce_filemanager.php with a filename beginning with a period will be rendered as text/html. An attacker with access to tce_filemanager.php could upload a malicious JavaScript payload which would be triggered when another user views the file.
1135 CVE-2021-20071 79 XSS 2021-02-16 2021-08-17
3.5
None Remote Medium ??? None Partial None
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the sms.php dialogs.
1136 CVE-2021-20070 79 XSS 2021-02-16 2021-08-17
3.5
None Remote Medium ??? None Partial None
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the virtualization.php dialogs.
1137 CVE-2021-20069 79 XSS 2021-02-16 2021-08-17
3.5
None Remote Medium ??? None Partial None
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the regionalSettings.php dialogs.
1138 CVE-2021-20068 79 XSS 2021-02-16 2021-08-17
3.5
None Remote Medium ??? None Partial None
Racom's MIDGE Firmware 4.4.40.105 contains an issue that allows attackers to conduct cross-site scripting attacks via the error handling functionality of web pages.
1139 CVE-2021-4020 79 XSS 2021-11-27 2021-11-30
3.5
None Remote Medium ??? None Partial None
janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
1140 CVE-2021-4018 79 XSS 2021-12-01 2021-12-02
3.5
None Remote Medium ??? None Partial None
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
1141 CVE-2021-3961 79 XSS 2021-11-19 2021-11-23
3.5
None Remote Medium ??? None Partial None
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
1142 CVE-2021-3950 79 XSS 2021-11-19 2021-11-23
3.5
None Remote Medium ??? None Partial None
django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
1143 CVE-2021-3938 79 XSS 2021-11-13 2021-11-16
3.5
None Remote Medium ??? None Partial None
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
1144 CVE-2021-3920 79 XSS 2021-11-19 2021-11-23
3.5
None Remote Medium ??? None Partial None
grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
1145 CVE-2021-3915 434 2021-11-13 2021-11-17
3.5
None Remote Medium ??? Partial None None
bookstack is vulnerable to Unrestricted Upload of File with Dangerous Type
1146 CVE-2021-3904 79 XSS 2021-10-27 2021-10-29
3.5
None Remote Medium ??? None Partial None
grav is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
1147 CVE-2021-3879 79 XSS 2021-10-19 2021-10-21
3.5
None Remote Medium ??? None Partial None
snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
1148 CVE-2021-3830 79 XSS 2021-09-26 2021-10-01
3.5
None Remote Medium ??? None Partial None
btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
1149 CVE-2021-3791 532 2021-11-12 2021-11-16
3.3
None Local Network Low Not required Partial None None
An information disclosure vulnerability was reported in some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same subnet to download an encrypted log file containing sensitive information such as WiFi SSID and password.
1150 CVE-2021-3790 120 Overflow 2021-11-12 2021-11-16
3.3
None Local Network Low Not required None None Partial
A buffer overflow was reported in the local web server of some Motorola-branded Binatone Hubble Cameras that could allow an unauthenticated attacker on the same network to perform a denial-of-service attack against the device.
CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.