CVE-2021-41565

The TadTools special page parameter does not properly restrict special characters in its input, so remote attackers can inject JavaScript without logging in and perform reflected XSS attacks. (CVSS:0.0) (Final Update:2021-10-08)

October 7th, 2021 | Cross Site Scripting

CVE-2021-41567

The new add subject parameter of Tad Uploader view Bible list function fails to filter special characters. Unauthenticated attackers can remotely inject JavaScript syntax and execute stored XSS attacks. (CVSS:0.0) (Terminal Update:2021-10-08)

October 7th, 2021 | Cross Site Scripting

CVE-2021-41917

webTareas version 2.4 and earlier allows an authenticated user to store arbitrary web script or HTML by creating or editing a client name in the clients section. Because user-supplied data is incorrectly sanitized, this enables a Stored Cross-Site Scripting attack against the platform's users and administrators. The affected endpoint is /clients/editclient.php, via the HTTP POST cn parameter. (CVSS:0.0) (Concluding Update:2021-10-08)

October 7th, 2021 | Cross Site Scripting

CVE-2021-41918

webTareas version 2.4 and earlier allows an authenticated user to inject arbitrary web script or HTML. Because user-supplied data is incorrectly sanitized, this enables a Reflected Cross-Site Scripting attack against the platform's users and administrators. The issue affects every endpoint of the application because it stems from how each URL is echoed back on every response page. (CVSS:0.0) (Last Update:2021-10-08)

October 7th, 2021 | Cross Site Scripting

CVE-2021-42112

The "File upload question" functionality in LimeSurvey 3.x-LTS through 3.27.18 allows XSS in assets/scripts/modaldialog.js and assets/scripts/uploader.js. (CVSS:0.0) (Terminal Update:2021-10-08)

October 7th, 2021 | Cross Site Scripting

CVE-2021-20571

IBM Sterling B2B Integrator 5.2.0.0 through 6.1.1.0 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI, thus altering the intended functionality and potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 199246. (CVSS:0.0) (Final Update:2021-10-07)

October 6th, 2021 | Cross Site Scripting

CVE-2020-21729

JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability in the /member-vipcenter.htm component, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload. (CVSS:0.0) (Final Update:2021-10-07)

October 6th, 2021 | Cross Site Scripting