Search Results (45791 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-31832 | 1 Mcafee | 1 Data Loss Prevention | 2024-11-21 | 5.2 Medium |
| Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine. | ||||
| CVE-2021-31830 | 1 Mcafee | 1 Database Security | 2024-11-21 | 5.9 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized user logs into the DBSec interface and opens the properties configuration page for this database. | ||||
| CVE-2021-31813 | 1 Zohocorp | 1 Manageengine Applications Manager | 2024-11-21 | 5.4 Medium |
| Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD. | ||||
| CVE-2021-31803 | 1 Cpanel | 1 Cpanel | 2024-11-21 | 6.1 Medium |
| cPanel before 94.0.3 allows self-XSS via EasyApache 4 Save Profile (SEC-581). | ||||
| CVE-2021-31794 | 1 Directum | 1 Directum | 2024-11-21 | 6.1 Medium |
| Settings.aspx?view=About in Directum 5.8.2 allows XSS via the HTTP User-Agent header. | ||||
| CVE-2021-31792 | 1 Salesagility | 1 Suitecrm | 2024-11-21 | 5.4 Medium |
| XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field. | ||||
| CVE-2021-31778 | 1 Media2click Project | 1 Media2click | 2024-11-21 | 5.4 Medium |
| The media2click (aka 2 Clicks for External Media) extension 1.x before 1.3.3 for TYPO3 allows XSS by a backend user account. | ||||
| CVE-2021-31761 | 1 Webmin | 1 Webmin | 2024-11-21 | 9.6 Critical |
| Webmin 1.973 is affected by reflected Cross Site Scripting (XSS) to achieve Remote Command Execution through Webmin's running process feature. | ||||
| CVE-2021-31738 | 1 Adiscon | 1 Loganalyzer | 2024-11-21 | 6.1 Medium |
| Adiscon LogAnalyzer 4.1.10 and 4.1.11 allow login.php XSS. | ||||
| CVE-2021-31721 | 1 Chevereto | 1 Chevereto | 2024-11-21 | 6.1 Medium |
| Chevereto before 3.17.1 allows Cross Site Scripting (XSS) via an image title at the image upload stage. | ||||
| CVE-2021-31712 | 1 React Draft Wysiwyg Project | 1 React Draft Wysiwyg | 2024-11-21 | 5.4 Medium |
| react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URI in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS. | ||||
| CVE-2021-31682 | 1 Automatedlogic | 1 Webctrl | 2024-11-21 | 6.1 Medium |
| The login portal for the Automated Logic WebCTRL/WebCTRL OEM web application contains a vulnerability that allows for reflected XSS attacks due to the operatorlocale GET parameter not being sanitized. This issue impacts versions 6.5 and below. This issue works by passing in a basic XSS payload to a vulnerable GET parameter that is reflected in the output without sanitization. | ||||
| CVE-2021-31676 | 1 Pescms | 1 Pescms Team | 2024-11-21 | 6.1 Medium |
| A reflected XSS was discovered in PESCMS-V2.3.3. When combined with CSRF in the same file, the two can cause greater damage. | ||||
| CVE-2021-31674 | 1 Cyclos | 1 Cyclos | 2024-11-21 | 6.1 Medium |
| Cyclos 4 PRO 4.14.7 and before does not validate user input at error inform, which allows a remote unauthenticated attacker to execute JavaScript code via an undefined enum constant. | ||||
| CVE-2021-31673 | 1 Cyclos | 1 Cyclos | 2024-11-21 | 6.1 Medium |
| A DOM-based cross-site scripting (XSS) vulnerability at registration account in Cyclos 4 PRO.14.7 and before allows remote attackers to inject arbitrary web script or HTML via the groupId parameter. | ||||
| CVE-2021-31655 | 1 Trendnet | 2 Tv-ip110wn, Tv-ip110wn Firmware | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in TRENDnet TV-IP110WN V1.2.2.64, V1.2.2.65 and V1.2.2.68 via the profile parameter in a GET request in view.cgi. | ||||
| CVE-2021-31651 | 1 Neofr | 1 Neofrag | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in neofarg-cms 0.2.3 allows a remote attacker to run arbitrary code via the copyright field in copyright settings. | ||||
| CVE-2021-31643 | 1 Chiyu-tech | 22 Bf-630, Bf-630 Firmware, Bf-631 and 19 more | 2024-11-21 | 5.4 Medium |
| An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter. | ||||
| CVE-2021-31641 | 1 Chiyu-tech | 30 Bf-430, Bf-430 Firmware, Bf-431 and 27 more | 2024-11-21 | 6.1 Medium |
| An unauthenticated XSS vulnerability exists in several IoT devices from CHIYU Technology, including BF-630, BF-450M, BF-430, BF-431, BF631-W, BF830-W, Webpass, BF-MINI-W, and SEMAC due to a lack of sanitization when the HTTP 404 message is generated. | ||||
| CVE-2021-31589 | 1 Beyondtrust | 1 Appliance Base Software | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability has been reported and confirmed for BeyondTrust Secure Remote Access Base Software version 6.0.1 and older, which allows the injection of unauthenticated, specially-crafted web requests without proper sanitization. | ||||