Search Results (45702 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-24126 | 1 Enviragallery | 1 Envira Gallery | 2024-11-21 | 5.4 Medium |
| Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them in the generated gallery, which could lead to privilege escalation. | ||||
| CVE-2021-24124 | 1 Terryl | 1 Wp Shieldon | 2024-11-21 | 6.1 Medium |
| Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is shown, which could lead to privilege escalation. | ||||
| CVE-2021-24021 | 1 Fortinet | 1 Fortianalyzer | 2024-11-21 | 4.3 Medium |
| An improper neutralization of input vulnerability [CWE-79] in FortiAnalyzer versions 6.4.3 and below, 6.2.7 and below and 6.0.10 and below may allow a remote authenticated attacker to perform a stored cross site scripting attack (XSS) via the column settings of Logview in FortiAnalyzer, should the attacker be able to obtain that POST request, via other, hypothetical attacks. | ||||
| CVE-2021-24014 | 1 Fortinet | 1 Fortisandbox | 2024-11-21 | 5.4 Medium |
| Multiple instances of improper neutralization of input during web page generation vulnerabilities in FortiSandbox before 4.0.0 may allow an unauthenticated attacker to perform an XSS attack via specifically crafted request parameters. | ||||
| CVE-2021-24005 | 1 Fortinet | 1 Fortiauthenticator | 2024-11-21 | 4 Medium |
| Usage of hard-coded cryptographic keys to encrypt configuration files and debug logs in FortiAuthenticator versions before 6.3.0 may allow an attacker with access to the files or the CLI configuration to decrypt the sensitive data, via knowledge of the hard-coded key. | ||||
| CVE-2021-23959 | 1 Mozilla | 1 Firefox | 2024-11-21 | 6.1 Medium |
| An XSS bug in internal error pages could have led to various spoofing attacks, including other error pages and the address bar. Note: This issue only affected Firefox for Android. Other operating systems are unaffected. This vulnerability affects Firefox < 85. | ||||
| CVE-2021-23936 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.4 allows XSS via the subject of a task. | ||||
| CVE-2021-23935 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.4 allows XSS via an appointment in which the location contains JavaScript code. | ||||
| CVE-2021-23934 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.4 allows XSS via a contact whose name contains JavaScript code. | ||||
| CVE-2021-23933 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.4 allows XSS via JavaScript in a Note referenced by a mail:// URL. | ||||
| CVE-2021-23932 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.4 allows XSS via an inline image with a crafted filename. | ||||
| CVE-2021-23931 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.4 allows XSS via an inline binary file. | ||||
| CVE-2021-23930 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.4 allows XSS via use of the conversion API for a distributedFile. | ||||
| CVE-2021-23929 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.4 allows XSS via a crafted Content-Disposition header in an uploaded HTML document to an ajax/share/<share-token>?delivery=view URI. | ||||
| CVE-2021-23928 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite through 7.10.3 allows XSS via the ajax/apps/manifests query string. | ||||
| CVE-2021-23925 | 1 Devolutions | 1 Devolutions Server | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Devolutions Server before 2020.3. There is a cross-site scripting (XSS) vulnerability in entries of type Document. | ||||
| CVE-2021-23922 | 1 Devolutions | 1 Remote Desktop Manager | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Devolutions Remote Desktop Manager before 2020.2.12. There is a cross-site scripting (XSS) vulnerability in webviews. | ||||
| CVE-2021-23889 | 1 Mcafee | 1 Epolicy Orchestrator | 2024-11-21 | 3.5 Low |
| Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. | ||||
| CVE-2021-23881 | 1 Mcafee | 1 Endpoint Security | 2024-11-21 | 4.8 Medium |
| A stored cross site scripting vulnerability in ePO extension of McAfee Endpoint Security (ENS) prior to 10.7.0 February 2021 Update allows an ENS ePO administrator to add a script to a policy event which will trigger the script to be run through a browser block page when a local non-administrator user triggers the policy. | ||||
| CVE-2021-23863 | 1 Bosch | 1 Video Security | 2024-11-21 | 6.1 Medium |
| HTML code injection vulnerability in the Android application Bosch Video Security, version 3.2.3 or earlier, when successfully exploited allows an attacker to inject random HTML code into a component loaded by WebView, thus allowing the application to display web resources controlled by the attacker. | ||||