Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary web script or HTML in the “new_username” field during creation of a new user via “Copy” method at user_admin.php.
CWE-79
CVE-2021-23228
DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”.
CVE-2021-23260
Authenticated users with Site roles may inject XSS scripts via file names that will execute in the browser for this and other users of the same site.
CVE-2021-23271
The TIBCO EBX Web Server component of TIBCO Software Inc.’s TIBCO EBX contains a vulnerability that theoretically allows a low privileged attacker with network access to execute a Stored Cross Site Scripting (XSS) attack on the affected system. Affected releases are TIBCO Software Inc.’s TIBCO EBX: versions 5.9.12 and below.
CVE-2021-23124
An issue was discovered in Joomla! 3.9.0 through 3.9.23. The lack of escaping in mod_breadcrumbs aria-label attribute allows XSS attacks.
CVE-2021-23125
An issue was discovered in Joomla! 3.1.0 through 3.9.23. The lack of escaping of image-related parameters in multiple com_tags views cause lead to XSS attack vectors.