Search Results (45757 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42656 | 1 Sscms | 1 Siteserver Cms | 2024-11-21 | 5.4 Medium |
| SiteServer CMS V6.15.51 is affected by a Cross Site Scripting (XSS) vulnerability. | ||||
| CVE-2021-42650 | 1 Portainer | 1 Portainer | 2024-11-21 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates. | ||||
| CVE-2021-42648 | 1 Coder | 1 Code-server | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability exists in Coder Code-Server before 3.12.0 that allows attackers to execute arbitrary code via a crafted URL. | ||||
| CVE-2021-42639 | 1 Printerlogic | 1 Web Stack | 2024-11-21 | 6.1 Medium |
| PrinterLogic Web Stack versions 19.1.1.13 SP9 and below are vulnerable to multiple reflected cross site scripting vulnerabilities. Attacker controlled input is reflected back in the page without sanitization. | ||||
| CVE-2021-42635 | 3 Apple, Linux, Printerlogic | 3 Macos, Linux Kernel, Web Stack | 2024-11-21 | 8.1 High |
| PrinterLogic Web Stack versions 19.1.1.13 SP9 and below use a hardcoded APP_KEY value, leading to pre-auth remote code execution. | ||||
| CVE-2021-42597 | 1 Storage Unit Rental Management System Project | 1 Storage Unit Rental Management System | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Storage Unit Rental Management System PHP 8.0.10, Apache 2.4.14, SURMS V 1.0 via the Add New Tenant List Rent List form. | ||||
| CVE-2021-42584 | 1 Convos | 1 Convos | 2024-11-21 | 5.4 Medium |
| A Stored Cross Site Scripting (XSS) issue exists in Convos-Chat before 6.32. | ||||
| CVE-2021-42567 | 1 Apereo | 1 Central Authentication Service | 2024-11-21 | 6.1 Medium |
| Apereo CAS through 6.4.1 allows XSS via POST requests sent to the REST API endpoints. | ||||
| CVE-2021-42566 | 1 Myfactory | 1 Fms | 2024-11-21 | 6.1 Medium |
| myfactory.FMS before 7.1-912 allows XSS via the Error parameter. | ||||
| CVE-2021-42565 | 1 Myfactory | 1 Fms | 2024-11-21 | 6.1 Medium |
| myfactory.FMS before 7.1-912 allows XSS via the UID parameter. | ||||
| CVE-2021-42558 | 1 Mitre | 1 Caldera | 2024-11-21 | 6.1 Medium |
| An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers. | ||||
| CVE-2021-42552 | 1 Archivista | 1 Archivistabox | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I. | ||||
| CVE-2021-42551 | 1 Alcoda | 1 Netbiblio | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions. | ||||
| CVE-2021-42549 | 1 Wpcloudplugins | 1 Lets-box | 2024-11-21 | 4.7 Medium |
| Insufficient Input Validation in the search functionality of the WordPress plugin Lets-Box prior to 1.15.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. | ||||
| CVE-2021-42548 | 1 Wpcloudplugins | 1 Share-one-drive | 2024-11-21 | 4.7 Medium |
| Insufficient Input Validation in the search functionality of the WordPress plugin Share-one-Drive prior to 1.15.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. | ||||
| CVE-2021-42547 | 1 Wpcloudplugins | 1 Out-of-the-box | 2024-11-21 | 4.7 Medium |
| Insufficient Input Validation in the search functionality of the WordPress plugin Out-of-the-Box prior to 1.20.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. | ||||
| CVE-2021-42546 | 1 Wpcloudplugins | 1 Use-your-drive | 2024-11-21 | 4.7 Medium |
| Insufficient Input Validation in the search functionality of the WordPress plugin Use-Your-Drive prior to 1.18.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. | ||||
| CVE-2021-42534 | 1 Trane | 2 Tracer Sc, Tracer Sc Firmware | 2024-11-21 | 6.3 Medium |
| The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms. | ||||
| CVE-2021-42357 | 1 Apache | 1 Knox | 2024-11-21 | 6.1 Medium |
| When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be presented to the user outside the normal request flow through an XSS or phishing campaign. | ||||
| CVE-2021-42335 | 1 Huaju | 1 Easytest Online Learning Test Platform | 2024-11-21 | 5.4 Medium |
| The bulletin board management function of the Easytest online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute a stored XSS attack. | ||||