Search Results (45835 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3002 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 6.1 Medium |
| Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter. | ||||
| CVE-2021-39946 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.7 High |
| Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis | ||||
| CVE-2021-39910 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 2.6 Low |
| An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature. | ||||
| CVE-2021-39906 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.7 High |
| Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf. | ||||
| CVE-2021-39887 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 7.3 High |
| A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf. | ||||
| CVE-2021-39885 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 8.7 High |
| A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names | ||||
| CVE-2021-39878 | 1 Gitlab | 1 Gitlab | 2024-11-21 | 5.8 Medium |
| A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary JavaScript code. | ||||
| CVE-2021-39615 | 1 Dlink | 2 Dsr-500n, Dsr-500n Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2021-39614 | 1 Dlink | 2 Dvx-2000ms, Dvx-2000ms Firmware | 2024-11-21 | 9.8 Critical |
| D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. | ||||
| CVE-2021-39613 | 1 Dlink | 2 Dvg-3104ms, Dvg-3104ms Firmware | 2024-11-21 | 8.8 High |
| D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2021-39609 | 1 Flatcore | 1 Flatcore-cms | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability exists in FlatCore-CMS 2.0.7 via the upload image function. | ||||
| CVE-2021-39599 | 1 Cxuu | 1 Cxuucms | 2024-11-21 | 6.1 Medium |
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php. | ||||
| CVE-2021-39499 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 6.1 Medium |
| A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function. | ||||
| CVE-2021-39496 | 1 Eyoucms | 1 Eyoucms | 2024-11-21 | 5.4 Medium |
| Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS. | ||||
| CVE-2021-39491 | 1 Rengine Project | 1 Rengine | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box. | ||||
| CVE-2021-39486 | 1 Gilacms | 1 Gila Cms | 2024-11-21 | 5.4 Medium |
| A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser. | ||||
| CVE-2021-39421 | 1 Seeddms | 1 Seeddms | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload. | ||||
| CVE-2021-39420 | 1 Vfront | 1 Vfront | 2024-11-21 | 6.1 Medium |
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0.99.5 via the (1) s parameter in search_all.php and the (2) msg parameter in add.attach.php. | ||||
| CVE-2021-39416 | 1 Remoteclinic | 1 Remote Clinic | 2024-11-21 | 6.1 Medium |
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender, (h) age, and (i) serial parameters; in (2) patients/edit-patient.php via the (a) Contact, (b) Email, (c) Weight, Profession, (d) ref_contact, (e) address, (f) serial, (g) age, and (h) gender parameters; in (3) staff/edit-my-profile.php via the (a) Title, (b) First Name, (c) Last Name, (d) Skype, and (e) Address parameters; and in (4) clinics/settings.php via the (a) portal_name, (b) guardian_short_name, (c) guardian_name, (d) opening_time, (e) closing_time, (f) access_level_5, (g) access_level_4, (h) access_level_ 3, (i) access_level_2, (j) access_level_1, (k) currency, (l) mobile_number, (m) address, (n) patient_contact, (o) patient_address, and (p) patient_email parameters. | ||||
| CVE-2021-39413 | 1 Seopanel | 1 Seo Panel | 2024-11-21 | 6.1 Medium |
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, (j) webmaster-tools.php, and (k) reports.php; the (3) order_col parameter in (a) analytics.php, (b) review.php, (c) social_media.php, and (d) webmaster-tools.php; and the (4) pageno parameter in (a) alerts.php, (b) log.php, (c) keywords.php, (d) proxy.php, (e) searchengine.php, and (f) siteauditor.php. | ||||