CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2021-42335 79 XSS 2021-10-15 2021-10-20
3.5
None Remote Medium ??? None Partial None
Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack.
2 CVE-2021-42329 79 XSS 2021-10-15 2021-10-20
3.5
None Remote Medium ??? None Partial None
The “List_Add” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks.
3 CVE-2021-42257 20 2021-10-11 2021-10-19
3.6
None Local Low Not required None Partial Partial
check_smart before 6.9.1 allows unintended drive access by an unprivileged user because it only checks for a substring match of a device path (the /dev/bus substring and a number), aka an unanchored regular expression.
4 CVE-2021-42092 79 XSS 2021-10-07 2021-10-14
3.5
None Remote Medium ??? None Partial None
An issue was discovered in Zammad before 4.1.1. Stored XSS may occur via an Article during addition of an attachment to a Ticket.
5 CVE-2021-42085 79 XSS 2021-10-07 2021-10-13
3.5
None Remote Medium ??? None Partial None
An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.
6 CVE-2021-42053 79 XSS 2021-10-07 2021-10-14
3.5
None Remote Medium ??? None Partial None
The Unicorn framework through 0.35.3 for Django allows XSS via component.name.
7 CVE-2021-42044 79 XSS 2021-10-06 2021-10-14
3.5
None Remote Medium ??? None Partial None
An issue was discovered in the Mentor dashboard in the GrowthExperiments extension in MediaWiki through 1.36.2. The Growthexperiments-mentor-dashboard-mentee-overview-add-filter-total-edits-headline, growthexperiments-mentor-dashboard-mentee-overview-add-filter-starred-headline, growthexperiments-mentor-dashboard-mentee-overview-info-text, growthexperiments-mentor-dashboard-mentee-overview-info-legend-headline, and growthexperiments-mentor-dashboard-mentee-overview-active-ago MediaWiki messages were not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.
8 CVE-2021-42042 79 XSS 2021-10-06 2021-10-14
3.5
None Remote Medium ??? None Partial None
An issue was discovered in SpecialEditGrowthConfig in the GrowthExperiments extension in MediaWiki through 1.36.2. The growthexperiments-edit-config-error-invalid-title MediaWiki message was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript.
9 CVE-2021-41918 79 XSS 2021-10-08 2021-10-15
3.5
None Remote Medium ??? None Partial None
webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and achieve a Reflected Cross-Site Scripting attack against the platform users and administrators. The issue affects every endpoint on the application because it is related on how each URL is echoed back on every response page.
10 CVE-2021-41917 79 XSS 2021-10-08 2021-10-15
3.5
None Remote Medium ??? None Partial None
webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section, due to incorrect sanitization of user-supplied data and achieve a Stored Cross-Site Scripting attack against the platform users and administrators. The affected endpoint is /clients/editclient.php, on the HTTP POST cn parameter.
11 CVE-2021-41391 79 XSS 2021-09-17 2021-09-29
3.5
None Remote Medium ??? None Partial None
In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover.
12 CVE-2021-41361 2021-10-13 2021-10-19
3.5
None Remote Medium ??? None Partial None
Active Directory Federation Server Spoofing Vulnerability
13 CVE-2021-41354 79 XSS 2021-10-13 2021-10-19
3.5
None Remote Medium ??? None Partial None
Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability
14 CVE-2021-41353 2021-10-13 2021-10-19
3.5
None Remote Medium ??? None Partial None
Microsoft Dynamics 365 (on-premises) Spoofing Vulnerability
15 CVE-2021-41156 79 XSS 2021-10-18 2021-10-22
3.5
None Remote Medium ??? None Partial None
anuko/timetracker is an, open source time tracking system. In affected versions Time Tracker uses browser_today hidden control on a few pages to collect the today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craft an html form with malicious JavaScript, use social engineering to convince logged on users to execute a POST from such form, and have the attacker-supplied JavaScript to be executed in user's browser. This has been patched in version 1.19.30.5600. Upgrade is recommended. If it is not practical, introduce ttValidDbDateFormatDate function as in the latest version and add a call to it within the access checks block.
16 CVE-2021-41142 79 Exec Code XSS 2021-10-14 2021-10-20
3.5
None Remote Medium ??? None Partial None
Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. There is a cross-site scripting vulnerability in Tuleap Community Edition prior to 12.11.99.25 and Tuleap Enterprise Edition 12.11-2. A malicious user with the capability to add and remove attachment to an artifact could force a victim to execute uncontrolled code. Tuleap Community Edition 11.17.99.146 and Tuleap Enterprise Edition 12.11-2 contain a fix for the issue.
17 CVE-2021-41101 79 XSS 2021-09-30 2021-10-07
3.5
None Remote Medium ??? Partial None None
wire-server is an open-source back end for Wire, a secure collaboration platform. Before version 2.106.0, the CORS ` Access-Control-Allow-Origin ` header set by `nginz` is set for all subdomains of `.wire.com` (including `wire.com`). This means that if somebody were to find an XSS vector in any of the subdomains, they could use it to talk to the Wire API using the user's Cookie. A patch does not exist, but a workaround does. To make sure that a compromise of one subdomain does not yield access to the cookie of another, one may limit the `Access-Control-Allow-Origin` header to apps that actually require the cookie (account-pages, team-settings and the webapp).
18 CVE-2021-41086 79 XSS 2021-09-21 2021-09-29
3.5
None Remote Medium ??? None Partial None
jsuites is an open source collection of common required javascript web components. In affected versions users are subject to cross site scripting (XSS) attacks via clipboard content. jsuites is vulnerable to DOM based XSS if the user can be tricked into copying _anything_ from a malicious and pasting it into the html editor. This is because a part of the clipboard content is directly written to `innerHTML` allowing for javascript injection and thus XSS. Users are advised to update to version 4.9.11 to resolve.
19 CVE-2021-40966 79 XSS 2021-09-15 2021-09-27
3.5
None Remote Medium ??? None Partial None
A Stored XSS exists in TinyFileManager All version up to and including 2.4.6 in /tinyfilemanager.php when the server is given a file that contains HTML and javascript in its name. A malicious user can upload a file with a malicious filename containing javascript code and it will run on any user browser when they access the server.
20 CVE-2021-40888 79 Exec Code XSS 2021-10-11 2021-10-18
3.5
None Remote Medium ??? None Partial None
Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. A low privilege user can call this function through process.php file and execute scripting code.
21 CVE-2021-40721 79 XSS 2021-10-15 2021-10-21
3.5
None Remote Medium ??? None Partial None
Adobe Connect version 11.2.2 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser.
22 CVE-2021-40509 79 XSS 2021-09-04 2021-09-09
3.5
None Remote Medium ??? None Partial None
ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature.
23 CVE-2021-40484 2021-10-13 2021-10-19
3.5
None Remote Medium ??? None Partial None
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-40483.
24 CVE-2021-40483 2021-10-13 2021-10-19
3.5
None Remote Medium ??? None Partial None
Microsoft SharePoint Server Spoofing Vulnerability This CVE ID is unique from CVE-2021-40484.
25 CVE-2021-40440 79 XSS 2021-09-15 2021-09-24
3.5
None Remote Medium ??? None Partial None
Microsoft Dynamics Business Central Cross-site Scripting Vulnerability
26 CVE-2021-40377 79 XSS 2021-09-08 2021-09-14
3.5
None Remote Medium ??? None Partial None
SmarterTools SmarterMail 16.x before build 7866 has stored XSS. The application fails to sanitize email content, thus allowing one to inject HTML and/or JavaScript into a page that will then be processed and stored by the application.
27 CVE-2021-40310 79 XSS 2021-09-24 2021-09-30
3.5
None Remote Medium ??? None Partial None
OpenSIS Community Edition version 8.0 is affected by a cross-site scripting (XSS) vulnerability in the TakeAttendance.php via the cp_id_miss_attn parameter.
28 CVE-2021-40292 79 XSS 2021-10-12 2021-10-19
3.5
None Remote Medium ??? None Partial None
A Stored Cross Site Sripting (XSS) vulnerability exists in DzzOffice 2.02.1 via the settingnew parameter.
29 CVE-2021-40223 79 XSS 2021-09-09 2021-09-22
3.5
None Remote Medium ??? None Partial None
Rittal CMC PU III Web management (version V3.11.00_2) fails to sanitize user input on several parameters of the configuration (User Configuration dialog, Task Configuration dialog and set logging filter dialog). This allows an attacker to backdoor the device with HTML and browser-interpreted content (such as JavaScript or other client-side scripts). The XSS payload will be triggered when the user accesses some specific sections of the application.
30 CVE-2021-40214 79 XSS 2021-09-13 2021-09-22
3.5
None Remote Medium ??? None Partial None
Gibbon v22.0.00 suffers from a stored XSS vulnerability within the wall messages component.
31 CVE-2021-40191 79 XSS 2021-10-11 2021-10-18
3.5
None Remote Medium ??? None Partial None
Dzzoffice Version 2.02.1 is affected by cross-site scripting (XSS) due to a lack of sanitization of input data at all upload functions in webroot/dzz/attach/Uploader.class.php and return a wrong response in content-type of output data in webroot/dzz/attach/controller.php.
32 CVE-2021-40100 79 XSS 2021-09-24 2021-09-30
3.5
None Remote Medium ??? None Partial None
An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text.
33 CVE-2021-40086 668 2021-08-25 2021-09-07
3.5
None Remote Medium ??? Partial None None
An issue was discovered in PrimeKey EJBCA before 7.6.0. As part of the configuration of the aliases for SCEP, CMP, EST, and Auto-enrollment, the enrollment secret was reflected on a page (that can only be viewed by an administrator). While hidden from direct view, checking the page source would reveal the secret.
34 CVE-2021-39887 79 Exec Code XSS 2021-10-05 2021-10-08
3.5
None Remote Medium ??? None Partial None
A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf.
35 CVE-2021-39885 79 Exec Code XSS 2021-10-04 2021-10-12
3.5
None Remote Medium ??? None Partial None
A Stored XSS in merge request creation page in Gitlab EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names
36 CVE-2021-39881 2021-10-05 2021-10-09
3.5
None Remote Medium ??? None Partial None
In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names which may allow the malicious user to trick unsuspecting users to authorize the malicious client application using the spoofed scope name and description.
37 CVE-2021-39878 79 Exec Code XSS 2021-10-05 2021-10-12
3.5
None Remote Medium ??? None Partial None
A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code.
38 CVE-2021-39609 79 XSS 2021-08-23 2021-08-30
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function.
39 CVE-2021-39496 79 XSS 2021-09-07 2021-09-09
3.5
None Remote Medium ??? None Partial None
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS.
40 CVE-2021-39486 79 XSS 2021-10-04 2021-10-12
3.5
None Remote Medium ??? None Partial None
A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser.
41 CVE-2021-39404 79 XSS 2021-09-22 2021-09-29
3.5
None Remote Medium ??? None Partial None
MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database.
42 CVE-2021-39355 79 XSS 2021-10-19 2021-10-22
3.5
None Remote Medium ??? None Partial None
The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/indeed-job-importer/trunk/indeed-job-importer.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.5. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
43 CVE-2021-39343 79 XSS 2021-10-19 2021-10-22
3.5
None Remote Medium ??? None Partial None
The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/libs/PublisherController.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.30.2. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
44 CVE-2021-39329 79 XSS 2021-10-19 2021-10-22
3.5
None Remote Medium ??? None Partial None
The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the ~/includes/admin/class-metabox.php file which allowed attackers with administrative user access to inject arbitrary web scripts, in versions up to and including 1.0.7. This affects multi-site installations where unfiltered_html is disabled for administrators, and sites where unfiltered_html is disabled.
45 CVE-2021-39250 79 Exec Code XSS 2021-08-17 2021-08-25
3.5
None Remote Medium ??? None Partial None
Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widgets, disclosure of the admin session ID in a Referer header, and the ability of an admin to use the templating engine (e.g., Edit HTML).
46 CVE-2021-39246 532 2021-09-24 2021-10-01
3.6
None Local Low Not required Partial Partial None
Tor Browser through 10.5.6 and 11.x through 11.0a4 allows a correlation attack that can compromise the privacy of visits to v2 onion addresses. Exact timestamps of these onion-service visits are logged locally, and an attacker might be able to compare them to timestamp data collected by the destination server (or collected by a rogue site within the Tor network).
47 CVE-2021-39219 843 2021-09-17 2021-10-04
3.3
None Local Medium Not required None Partial Partial
Wasmtime is an open source runtime for WebAssembly & WASI. Wasmtime before version 0.30.0 is affected by a type confusion vulnerability. As a Rust library the `wasmtime` crate clearly marks which functions are safe and which are `unsafe`, guaranteeing that if consumers never use `unsafe` then it should not be possible to have memory unsafety issues in their embeddings of Wasmtime. An issue was discovered in the safe API of `Linker::func_*` APIs. These APIs were previously not sound when one `Engine` was used to create the `Linker` and then a different `Engine` was used to create a `Store` and then the `Linker` was used to instantiate a module into that `Store`. Cross-`Engine` usage of functions is not supported in Wasmtime and this can result in type confusion of function pointers, resulting in being able to safely call a function with the wrong type. Triggering this bug requires using at least two `Engine` values in an embedding and then additionally using two different values with a `Linker` (one at the creation time of the `Linker` and another when instantiating a module with the `Linker`). It's expected that usage of more-than-one `Engine` in an embedding is relatively rare since an `Engine` is intended to be a globally shared resource, so the expectation is that the impact of this issue is relatively small. The fix implemented is to change this behavior to `panic!()` in Rust instead of silently allowing it. Using different `Engine` instances with a `Linker` is a programmer bug that `wasmtime` catches at runtime. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime and are using more than one `Engine` in your embedding it's recommended to instead use only one `Engine` for the entire program if possible. An `Engine` is designed to be a globally shared resource that is suitable to have only one for the lifetime of an entire process. If using multiple `Engine`s is required then code should be audited to ensure that `Linker` is only used with one `Engine`.
48 CVE-2021-39218 125 Bypass 2021-09-17 2021-10-04
3.3
None Local Medium Not required None Partial Partial
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.26.0 and before version 0.30.0 is affected by a memory unsoundness vulnerability. There was an invalid free and out-of-bounds read and write bug when running Wasm that uses `externref`s in Wasmtime. To trigger this bug, Wasmtime needs to be running Wasm that uses `externref`s, the host creates non-null `externrefs`, Wasmtime performs a garbage collection (GC), and there has to be a Wasm frame on the stack that is at a GC safepoint where there are no live references at this safepoint, and there is a safepoint with live references earlier in this frame's function. Under this scenario, Wasmtime would incorrectly use the GC stack map for the safepoint from earlier in the function instead of the empty safepoint. This would result in Wasmtime treating arbitrary stack slots as `externref`s that needed to be rooted for GC. At the *next* GC, it would be determined that nothing was referencing these bogus `externref`s (because nothing could ever reference them, because they are not really `externref`s) and then Wasmtime would deallocate them and run `<ExternRef as Drop>::drop` on them. This results in a free of memory that is not necessarily on the heap (and shouldn't be freed at this moment even if it was), as well as potential out-of-bounds reads and writes. Even though support for `externref`s (via the reference types proposal) is enabled by default, unless you are creating non-null `externref`s in your host code or explicitly triggering GCs, you cannot be affected by this bug. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. This bug has been patched and users should upgrade to Wasmtime version 0.30.0. If you cannot upgrade Wasmtime at this time, you can avoid this bug by disabling the reference types proposal by passing `false` to `wasmtime::Config::wasm_reference_types`.
49 CVE-2021-39216 416 Bypass 2021-09-17 2021-10-04
3.3
None Local Medium Not required None Partial Partial
Wasmtime is an open source runtime for WebAssembly & WASI. In Wasmtime from version 0.19.0 and before version 0.30.0 there was a use-after-free bug when passing `externref`s from the host to guest Wasm content. To trigger the bug, you have to explicitly pass multiple `externref`s from the host to a Wasm instance at the same time, either by passing multiple `externref`s as arguments from host code to a Wasm function, or returning multiple `externref`s to Wasm from a multi-value return function defined in the host. If you do not have host code that matches one of these shapes, then you are not impacted. If Wasmtime's `VMExternRefActivationsTable` became filled to capacity after passing the first `externref` in, then passing in the second `externref` could trigger a garbage collection. However the first `externref` is not rooted until we pass control to Wasm, and therefore could be reclaimed by the collector if nothing else was holding a reference to it or otherwise keeping it alive. Then, when control was passed to Wasm after the garbage collection, Wasm could use the first `externref`, which at this point has already been freed. We have reason to believe that the effective impact of this bug is relatively small because usage of `externref` is currently quite rare. The bug has been fixed, and users should upgrade to Wasmtime 0.30.0. If you cannot upgrade Wasmtime yet, you can avoid the bug by disabling reference types support in Wasmtime by passing `false` to `wasmtime::Config::wasm_reference_types`.
50 CVE-2021-39212 668 2021-09-13 2021-09-24
3.6
None Local Low Not required Partial Partial None
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. <policy domain="module" rights="none" pattern="PS" />. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: <policy domain="coder" rights="none" pattern="{PS,EPI,EPS,EPSF,EPSI}" />.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.