Export limit exceeded: 45737 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45737 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-35232 | 1 Solarwinds | 1 Webhelpdesk | 2024-11-21 | 6.8 Medium |
| Hard coded credentials discovered in SolarWinds Web Help Desk product. Through these credentials, the attacker with local access to the Web Help Desk host machine allows to execute arbitrary HQL queries against the database and leverage the vulnerability to steal the password hashes of the users or insert arbitrary data into the database. | ||||
| CVE-2021-35229 | 1 Solarwinds | 2 Database Performance Analyzer, Database Performance Monitor | 2024-11-21 | 6.8 Medium |
| Cross-site scripting vulnerability is present in Database Performance Monitor 2022.1.7779 and previous versions when using a complex SQL query | ||||
| CVE-2021-35228 | 1 Solarwinds | 1 Database Performance Analyzer | 2024-11-21 | 5.5 Medium |
| This vulnerability occurred due to missing input sanitization for one of the output fields that is extracted from headers on specific section of page causing a reflective cross site scripting attack. An attacker would need to perform a Man in the Middle attack in order to change header for a remote victim. | ||||
| CVE-2021-35227 | 1 Solarwinds | 1 Access Rights Manager | 2024-11-21 | 4.7 Medium |
| The HTTP interface was enabled for RabbitMQ Plugin in ARM 2020.2.6 and the ability to configure HTTPS was not available. | ||||
| CVE-2021-35222 | 2 Microsoft, Solarwinds | 2 Windows, Orion Platform | 2024-11-21 | 8 High |
| This vulnerability allows attackers to impersonate users and perform arbitrary actions leading to a Remote Code Execution (RCE) from the Alerts Settings page. | ||||
| CVE-2021-35210 | 1 Contao | 1 Contao | 2024-11-21 | 6.1 Medium |
| Contao 4.5.x through 4.9.x before 4.9.16, and 4.10.x through 4.11.x before 4.11.5, allows XSS. It is possible to inject code into the tl_log table that will be executed in the browser when the system log is called in the back end. | ||||
| CVE-2021-35208 | 1 Zimbra | 1 Collaboration | 2024-11-21 | 5.4 Medium |
| An issue was discovered in ZmMailMsgView.js in the Calendar Invite component in Zimbra Collaboration Suite 8.8.x before 8.8.15 Patch 23. An attacker could place HTML containing executable JavaScript inside element attributes. This markup becomes unescaped, causing arbitrary markup to be injected into the document. | ||||
| CVE-2021-35207 | 1 Zimbra | 1 Collaboration | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Zimbra Collaboration Suite 8.8 before 8.8.15 Patch 23 and 9.0 before 9.0.0 Patch 16. An XSS vulnerability exists in the login component of Zimbra Web Client, in which an attacker can execute arbitrary JavaScript by adding executable JavaScript to the loginErrorCode parameter of the login url. | ||||
| CVE-2021-35204 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | 5.4 Medium |
| NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint. | ||||
| CVE-2021-35200 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | 4.8 Medium |
| NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService. | ||||
| CVE-2021-35199 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | 5.4 Medium |
| NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile. | ||||
| CVE-2021-35198 | 1 Netscout | 1 Ngeniusone | 2024-11-21 | 5.4 Medium |
| NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module. | ||||
| CVE-2021-35061 | 1 Drk-odenwaldkreis | 1 Testerfassung | 2024-11-21 | 6.1 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in DRK Odenwaldkreis Testerfassung March-2021 allow remote attackers to inject arbitrary web script or HTML via all parameters to HTML form fields in all components. | ||||
| CVE-2021-35059 | 1 Openwaygroup | 1 Way4 | 2024-11-21 | 6.1 Medium |
| OpenWay WAY4 ACS before 1.2.278-2693 allows XSS via the /way4acs/enroll action parameter. | ||||
| CVE-2021-35045 | 1 Icehrm | 1 Icehrm | 2024-11-21 | 6.1 Medium |
| Cross site scripting (XSS) vulnerability in Ice Hrm 29.0.0.OS, allows attackers to execute arbitrary code via the parameters to the /app/ endpoint. | ||||
| CVE-2021-35043 | 3 Antisamy Project, Netapp, Oracle | 11 Antisamy, Active Iq Unified Manager, Banking Enterprise Default Management and 8 more | 2024-11-21 | 6.1 Medium |
| OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). This was demonstrated by a javascript: URL with : as the replacement for the : character. | ||||
| CVE-2021-35030 | 1 Zyxel | 24 Gs1900-10hp, Gs1900-10hp Firmware, Gs1900-16 and 21 more | 2024-11-21 | 3.5 Low |
| A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet contents and could allow an authenticated, local user to perform a cross-site scripting (XSS) attack via a crafted LLDP packet. | ||||
| CVE-2021-34821 | 1 Aat | 1 Novus Management System | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in AAT Novus Management System through 1.51.2. The WebUI has wrong HTTP 404 error handling implemented. A remote, unauthenticated attacker may be able to exploit the issue by sending malicious HTTP requests to non-existing URIs. The value of the URL path filename is copied into the HTML document as plain text tags. | ||||
| CVE-2021-34817 | 1 Etherpad | 1 Etherpad | 2024-11-21 | 6.1 Medium |
| A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad. | ||||
| CVE-2021-34815 | 1 Checksec | 1 Canopy | 2024-11-21 | 4.8 Medium |
| CheckSec Canopy before 3.5.2 allows XSS attacks against the login page via the LOGIN_PAGE_DISCLAIMER parameter. | ||||