Search Results (45732 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-35475 | 1 Sas | 1 Environment Manager | 2024-11-21 | 5.4 Medium |
| SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties. | ||||
| CVE-2021-35463 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter. | ||||
| CVE-2021-35451 | 1 Teradici | 1 Pcoip Management Console | 2024-11-21 | 6.1 Medium |
| In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into a user's browser via the web application. | ||||
| CVE-2021-35440 | 1 Smashing Project | 1 Smashing | 2024-11-21 | 6.1 Medium |
| Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment (e.g. if re-using internal URLs for deploying, or cookies that are very permissive). Private information may be retrieved by the attacker. | ||||
| CVE-2021-35415 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 4.8 Medium |
| A stored cross-site scripting (XSS) vulnerability allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the course "Title" and "Content" fields. | ||||
| CVE-2021-35361 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 4.8 Medium |
| A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/links of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. | ||||
| CVE-2021-35360 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 4.8 Medium |
| A reflected cross site scripting (XSS) vulnerability in dotAdmin/#/c/containers of dotCMS 21.05.1 allows attackers to execute arbitrary commands or HTML via a crafted payload. | ||||
| CVE-2021-35358 | 1 Dotcms | 1 Dotcms | 2024-11-21 | 4.8 Medium |
| A stored cross site scripting (XSS) vulnerability in dotAdmin/#/c/c_Images of dotCMS 21.05.1 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Title' and 'Filename' parameters. | ||||
| CVE-2021-35323 | 1 Bludit | 1 Bludit | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login. | ||||
| CVE-2021-35303 | 1 Zammad | 1 Zammad | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via the User Avatar attribute. | ||||
| CVE-2021-35298 | 1 Zammad | 1 Zammad | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Zammad 1.0.x up to 4.0.0 allows remote attackers to execute arbitrary web script or HTML via multiple models that contain a 'note' field to store additional information. | ||||
| CVE-2021-35265 | 1 Maxsite | 1 Maxsite Cms | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) vulnerability in MaxSite CMS before V106 via product/page/* allows remote attackers to inject arbitrary web script to a page. | ||||
| CVE-2021-35240 | 2 Microsoft, Solarwinds | 2 Internet Explorer, Orion Platform | 2024-11-21 | 6.5 Medium |
| A security researcher stored XSS via a Help Server setting. This affects customers using Internet Explorer, because they do not support 'rel=noopener'. | ||||
| CVE-2021-35239 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 7.5 High |
| A security researcher found that a user with Orion map manage rights could store XSS via a text box hyperlink. | ||||
| CVE-2021-35238 | 1 Solarwinds | 1 Orion Platform | 2024-11-21 | 4.8 Medium |
| A user with Orion Platform Admin Rights could store XSS through a URL POST parameter in the CreateExternalWebsite website. | ||||
| CVE-2021-35232 | 1 Solarwinds | 1 Webhelpdesk | 2024-11-21 | 6.8 Medium |
| Hard-coded credentials were discovered in the SolarWinds Web Help Desk product. Through these credentials, an attacker with local access to the Web Help Desk host machine can execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database. | ||||
| CVE-2021-35229 | 1 Solarwinds | 2 Database Performance Analyzer, Database Performance Monitor | 2024-11-21 | 6.8 Medium |
| A cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query. | ||||
| CVE-2021-35228 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-11-21 | 5.5 Medium |
| This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on a specific section of the page, causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change the header for a remote victim. | ||||
| CVE-2021-35227 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 4.7 Medium |
| The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available. | ||||
| CVE-2021-35222 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2024-11-21 | 8 High |
| This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. | ||||