
Search Results (45893 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-43690 1 Yurunproxy Project 1 Yurunproxy 2024-11-21 6.1 Medium
YurunProxy v0.01 is affected by a Cross Site Scripting (XSS) vulnerability in src/Client.php. The exit function will terminate the script and print a message that contains values from socket_read.
CVE-2021-43689 1 Manage Project 1 Manage 2024-11-21 6.1 Medium
manage (last update Oct 24, 2017) is affected by a Cross Site Scripting (XSS) vulnerability in Application/Home/Controller/GoodsController.class.php. The exit function will terminate the script and print a message that contains values from $_POST.
CVE-2021-43687 1 Chamilo 1 Chamilo 2024-11-21 6.1 Medium
chamilo-lms v1.11.14 is affected by a Cross Site Scripting (XSS) vulnerability in /plugin/jcapture/applet.php if an attacker passes a message hex2bin in the cookie.
CVE-2021-43686 1 Nzedb Project 1 Nzedb 2024-11-21 6.1 Medium
nZEDb v0.4.20 is affected by a Cross Site Scripting (XSS) vulnerability in www/pages/api.php. The exit function will terminate the script and print the message which has the input $_GET['t'].
CVE-2021-43683 1 Haschek 1 Pictshare 2024-11-21 6.1 Medium
pictshare v1.5 is affected by a Cross Site Scripting (XSS) vulnerability in api/info.php. The exit function will terminate the script and print the message which has $_REQUEST['hash'].
CVE-2021-43682 1 Thinkphp-bjyblog Project 1 Thinkphp-bjyblog 2024-11-21 6.1 Medium
thinkphp-bjyblog (last update Jun 4 2021) is affected by a Cross Site Scripting (XSS) vulnerability in AdminBaseController.class.php. The exit function terminates the script and prints a message to the user that contains $_SERVER['HTTP_HOST'].
CVE-2021-43681 1 Zerodream 1 Sakurapanel 2024-11-21 6.1 Medium
SakuraPanel v1.0.1.1 is affected by a Cross Site Scripting (XSS) vulnerability in /master/core/PostHandler.php. The exit function will terminate the script and print the message $data['proxy_name'].
CVE-2021-43678 1 Wechat-php-sdk Project 1 Wechat-php-sdk 2024-11-21 6.1 Medium
Wechat-php-sdk v1.10.2 is affected by a Cross Site Scripting (XSS) vulnerability in Wechat.php.
CVE-2021-43677 1 Fluxbb 1 Fluxbb 2024-11-21 6.1 Medium
Fluxbb v1.4.12 is affected by a Cross Site Scripting (XSS) vulnerability.
CVE-2021-43675 1 Lycheeorg 1 Lychee 2024-11-21 6.1 Medium
Lychee-v3 3.2.16 is affected by a Cross Site Scripting (XSS) vulnerability in php/Access/Guest.php. The function exit will terminate the script and print the message to the user. The message will contain albumID which is controlled by the user.
CVE-2021-43673 1 Dzzoffice 1 Dzzoffice 2024-11-21 6.1 Medium
dzzoffice 2.02.1_SC_UTF8 is affected by a Cross Site Scripting (XSS) vulnerability in explorerfile.php. The output of the exit function is printed for the user via exit(json_encode($return)).
CVE-2021-43661 1 Totolink 2 Ex300 V2, Ex300 V2 Firmware 2024-11-21 6.1 Medium
totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp.
CVE-2021-43659 1 Halo 1 Halo 2024-11-21 5.4 Medium
In halo 1.4.14, the avatar upload function allows any file to be uploaded, such as an HTML file, which will cause a stored XSS vulnerability.
CVE-2021-43633 1 Messaging Web Application Project 1 Messaging Web Application 2024-11-21 5.4 Medium
Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. If a sender inserts valid scripts into the chat, the script will be executed in the receiver's chat.
CVE-2021-43575 1 Knx 1 Engineering Tool Software 6 2024-11-21 5.5 Medium
KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported.
CVE-2021-43574 1 Atmail 1 Atmail 2024-11-21 6.1 Medium
WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
CVE-2021-43561 1 Pega-sus 1 Google For Jobs 2024-11-21 5.4 Medium
An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability.
CVE-2021-43558 2 Fedoraproject, Moodle 3 Extra Packages For Enterprise Linux, Fedora, Moodle 2024-11-21 6.1 Medium
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.
CVE-2021-43551 1 Osisoft 1 Pi Vision 2024-11-21 6.5 Medium
A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with the victim's user permissions.
CVE-2021-43549 1 Osisoft 1 Pi Web Api 2024-11-21 6.9 Medium
A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker or be provided with false information.