Search Results (45835 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-39412 | 1 Shopping Portal Project | 1 Shopping Portal | 2024-11-21 | 6.1 Medium |
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in examples_support/editable_ajax.php, and the (3) PHP_SELF parameter in captcha/index.php. | ||||
| CVE-2021-39411 | 1 Phpgurukul | 1 Hospital Management System | 2024-11-21 | 6.1 Medium |
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php. | ||||
| CVE-2021-39408 | 1 Online Student Rate System Project | 1 Online Student Rate System | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Online Student Rate System 1.0 via the page parameter on the index.php file. | ||||
| CVE-2021-39404 | 1 Maianaffiliate | 1 Maianaffiliate | 2024-11-21 | 4.8 Medium |
| MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database. | ||||
| CVE-2021-39393 | 1 Mm-wiki Project | 1 Mm-wiki | 2024-11-21 | 6.1 Medium |
| mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor. | ||||
| CVE-2021-39391 | 1 Beego | 1 Beego | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in the admin panel in Beego v2.0.1 via the URI path in an HTTP request, which is activated by administrators viewing the "Request Statistics" page. | ||||
| CVE-2021-39390 | 1 Partkeepr | 1 Partkeepr | 2024-11-21 | 5.4 Medium |
| Stored XSS in PartKeepr 1.4.0 Edit section in multiple api endpoints via name parameter. | ||||
| CVE-2021-39368 | 1 Canon | 1 Oce Print Exec Workgroup | 2024-11-21 | 6.1 Medium |
| Canon Oce Print Exec Workgroup 1.3.2 allows XSS via the lang parameter. | ||||
| CVE-2021-39362 | 1 Recaptcha Solver Project | 1 Recaptcha Solver | 2024-11-21 | 6.1 Medium |
| An XSS issue was discovered in ReCaptcha Solver 5.7. A response from Anti-Captcha.com, RuCaptcha.com, 2captcha.com, DEATHbyCAPTCHA.com, ImageTyperz.com, or BestCaptchaSolver.com in setCaptchaCode() is inserted into the DOM as HTML, resulting in full control over the user's browser by these servers. | ||||
| CVE-2021-39307 | 1 Pdftron | 1 Webviewer Ui | 2024-11-21 | 6.1 Medium |
| PDFTron's WebViewer UI 8.0 or below renders dangerous URLs as hyperlinks in supported documents, including JavaScript URLs, allowing the execution of arbitrary JavaScript code. | ||||
| CVE-2021-39286 | 1 Webrecorder | 1 Pywb | 2024-11-21 | 6.1 Medium |
| Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped. | ||||
| CVE-2021-39285 | 1 Versa-networks | 1 Versa Director | 2024-11-21 | 6.1 Medium |
| An XSS vulnerability exists in Versa Director Release: 16.1R2 Build: S8. An attacker can use the administration web interface URL to create an XSS-based attack. | ||||
| CVE-2021-39278 | 1 Moxa | 24 Oncell G3470a-lte-eu, Oncell G3470a-lte-eu-t, Oncell G3470a-lte-eu-t Firmware and 21 more | 2024-11-21 | 6.1 Medium |
| Certain MOXA devices allow reflected XSS via the Config Import menu. This affects WAC-2004 1.7, WAC-1001 2.1, WAC-1001-T 2.1, OnCell G3470A-LTE-EU 1.7, OnCell G3470A-LTE-EU-T 1.7, TAP-323-EU-CT-T 1.3, TAP-323-US-CT-T 1.3, TAP-323-JP-CT-T 1.3, WDR-3124A-EU 2.3, WDR-3124A-EU-T 2.3, WDR-3124A-US 2.3, and WDR-3124A-US-T 2.3. | ||||
| CVE-2021-39268 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 6.1 Medium |
| Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via malicious SVG files. This occurs because the clean_file_output protection mechanism can be bypassed. | ||||
| CVE-2021-39267 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 6.1 Medium |
| Persistent cross-site scripting (XSS) in the web interface of SuiteCRM before 7.11.19 allows a remote attacker to introduce arbitrary JavaScript via a Content-Type Filter bypass to upload malicious files. This occurs because text/html is blocked, but other types that allow JavaScript execution (such as text/xml) are not blocked. | ||||
| CVE-2021-39250 | 1 Invisioncommunity | 1 Invision Power Board | 2024-11-21 | 5.4 Medium |
| Invision Community (aka IPS Community Suite or IP-Board) before 4.6.5.1 allows stored XSS, with resultant code execution, because an uploaded file can be placed in an IFRAME element within user-generated content. For code execution, the attacker can rely on the ability of an admin to install widgets, disclosure of the admin session ID in a Referer header, and the ability of an admin to use the templating engine (e.g., Edit HTML). | ||||
| CVE-2021-39248 | 1 Edx | 1 Edx-platform | 2024-11-21 | 6.1 Medium |
| Open edX through Lilac.1 allows XSS in common/static/common/js/discussion/utils.js via crafted LaTeX content within a discussion. | ||||
| CVE-2021-39245 | 1 Altus | 30 Hadron Xtorm Hx3040, Hadron Xtorm Hx3040 Firmware, Nexto Nx3003 and 27 more | 2024-11-21 | 7.5 High |
| Hardcoded .htaccess Credentials for getlogs.cgi exist on Altus Nexto, Nexto Xpress, and Hadron Xtorm devices. This affects Nexto NX3003 1.8.11.0, Nexto NX3004 1.8.11.0, Nexto NX3005 1.8.11.0, Nexto NX3010 1.8.3.0, Nexto NX3020 1.8.3.0, Nexto NX3030 1.8.3.0, Nexto NX5100 1.8.11.0, Nexto NX5101 1.8.11.0, Nexto NX5110 1.1.2.8, Nexto NX5210 1.1.2.8, Nexto Xpress XP300 1.8.11.0, Nexto Xpress XP315 1.8.11.0, Nexto Xpress XP325 1.8.11.0, Nexto Xpress XP340 1.8.11.0, and Hadron Xtorm HX3040 1.7.58.0. | ||||
| CVE-2021-39222 | 1 Nextcloud | 1 Talk | 2024-11-21 | 6.4 Medium |
| Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Talk application is upgraded to patched versions 10.0.7, 10.1.4, 11.1.2, 11.2.0 or 12.0.0. As a workaround, use a browser that has support for Content-Security-Policy. | ||||
| CVE-2021-39221 | 1 Nextcloud | 1 Contacts | 2024-11-21 | 6.4 Medium |
| Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Contacts application prior to version 4.0.3 was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due to the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Contacts application is upgraded to 4.0.3. As a workaround, one may use a browser that has support for Content-Security-Policy. | ||||