Search Results (45782 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27146 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / CUadmin credentials for an ISP. | ||||
| CVE-2021-27145 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded admin / lnadmin credentials for an ISP. | ||||
| CVE-2021-27144 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded f~i!b@e#r$h%o^m*esuperadmin / s(f)u_h+g|u credentials for an ISP. | ||||
| CVE-2021-27143 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web daemon contains the hardcoded user / user1234 credentials for an ISP. | ||||
| CVE-2021-27142 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 7.5 High |
| An issue was discovered on FiberHome HG6245D devices through RP2613. The web management is done over HTTPS, using a hardcoded private key that has 0777 permissions. | ||||
| CVE-2021-27141 | 1 Fiberhome | 2 Hg6245d, Hg6245d Firmware | 2024-11-21 | 9.8 Critical |
| An issue was discovered on FiberHome HG6245D devices through RP2613. Credentials in /fhconf/umconfig.txt are obfuscated via XOR with the hardcoded *j7a(L#yZ98sSd5HfSgGjMj8;Ss;d)(*&^#@$a2s0i3g key. (The webs binary has details on how XOR is used.) | ||||
| CVE-2021-27131 | 1 Moodle | 1 Moodle | 2024-11-21 | 5.4 Medium |
| Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer. NOTE: this is disputed by the vendor because the "Additional HTML Section" for "Header and Footer" can only be supplied by an administrator, who is intentionally allowed to enter unsanitized input (e.g., site-specific JavaScript). | ||||
| CVE-2021-27129 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 5.4 Medium |
| CASAP Automated Enrollment System version 1.0 contains a cross-site scripting (XSS) vulnerability through the Students > Edit > ROUTE parameter. | ||||
| CVE-2021-26968 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 4.8 Medium |
| A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. | ||||
| CVE-2021-26967 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 6.1 Medium |
| A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the AirWave management interface. | ||||
| CVE-2021-26947 | 1 Odoo | 1 Odoo | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link. | ||||
| CVE-2021-26938 | 1 Henriquedornas | 1 Henriquedornas | 2024-11-21 | 5.4 Medium |
| A stored XSS issue exists in henriquedornas 5.2.17 via online live chat. NOTE: Third parties report that no such product exists, that henriquedornas is the web design agency, and that 5.2.17 is simply the PHP version running on this host. | ||||
| CVE-2021-26929 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 6.1 Medium |
| An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses. | ||||
| CVE-2021-26925 | 2 Fedoraproject, Roundcube | 2 Fedora, Webmail | 2024-11-21 | 5.4 Medium |
| Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. | ||||
| CVE-2021-26924 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header. | ||||
| CVE-2021-26916 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 6.1 Medium |
| In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter. | ||||
| CVE-2021-26903 | 1 Isida | 1 Retriever | 2024-11-21 | 6.1 Medium |
| LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. | ||||
| CVE-2021-26844 | 1 Poweradmin | 1 Pa Server Monitor | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe. | ||||
| CVE-2021-26835 | 1 Zettlr | 1 Zettlr | 2024-11-21 | 6.1 Medium |
| No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file. | ||||
| CVE-2021-26834 | 1 Znote | 1 Znote | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode. | ||||