Export limit exceeded: 341629 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44696 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27370 | 1 Monicahq | 1 Monica | 2024-11-21 | 5.4 Medium |
| The Contact page in Monica 2.19.1 allows stored XSS via the Last Name field. | ||||
| CVE-2021-27369 | 1 Monicahq | 1 Monica | 2024-11-21 | 5.4 Medium |
| The Contact page in Monica 2.19.1 allows stored XSS via the Middle Name field. | ||||
| CVE-2021-27368 | 1 Monicahq | 1 Monica | 2024-11-21 | 5.4 Medium |
| The Contact page in Monica 2.19.1 allows stored XSS via the First Name field. | ||||
| CVE-2021-27349 | 1 Algolplus | 1 Advanced Order Export For Woocommerce | 2024-11-21 | 6.1 Medium |
| Advanced Order Export before 3.1.8 for WooCommerce allows XSS, a different vulnerability than CVE-2020-11727. | ||||
| CVE-2021-27340 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.1 Medium |
| OpenSIS Community Edition version <= 7.6 is affected by a reflected XSS vulnerability in EmailCheck.php via the "opt" parameter. | ||||
| CVE-2021-27338 | 1 Faraday | 1 Edge | 2024-11-21 | 5.4 Medium |
| Faraday Edge before 3.7 allows XSS via the network/create/ page and its network name parameter. | ||||
| CVE-2021-27332 | 1 Casap Automated Enrollment System Project | 1 Casap Automated Enrollment System | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in SourceCodester CASAP Automated Enrollment System v 1.0 allows remote attackers to inject arbitrary web script or HTML via the class_name parameter to update_class.php. | ||||
| CVE-2021-27330 | 1 Triconsole | 1 Datepicker Calendar | 2024-11-21 | 6.1 Medium |
| Triconsole Datepicker Calendar <3.77 is affected by cross-site scripting (XSS) in calendar_form.php. Attackers can read authentication cookies that are still active, which can be used to perform further attacks such as reading browser history, directory listings, and file contents. | ||||
| CVE-2021-27318 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter. | ||||
| CVE-2021-27317 | 1 Doctor Appointment System Project | 1 Doctor Appointment System | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter. | ||||
| CVE-2021-27310 | 1 Csphere | 1 Clansphere | 2024-11-21 | 6.1 Medium |
| Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter. | ||||
| CVE-2021-27309 | 1 Csphere | 1 Clansphere | 2024-11-21 | 6.1 Medium |
| Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "module" parameter. | ||||
| CVE-2021-27308 | 1 4homepages | 1 4images | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter. | ||||
| CVE-2021-27288 | 1 X2engine | 1 X2crm | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in X2Engine X2CRM v7.1 allows remote attackers to obtain sensitive information by injecting arbitrary web script or HTML via the "Comment" field in "/profile/activity" page. | ||||
| CVE-2021-27279 | 1 Mybb | 1 Mybb | 2024-11-21 | 5.4 Medium |
| MyBB before 1.8.25 allows stored XSS via nested [email] tags with MyCode (aka BBCode). | ||||
| CVE-2021-27254 | 1 Netgear | 86 Br200, Br200 Firmware, Br500 and 83 more | 2024-11-21 | 8.8 High |
| This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of NETGEAR R7800. Authentication is not required to exploit this vulnerability. The specific flaw exists within the apply_save.cgi endpoint. This issue results from the use of hard-coded encryption key. An attacker can leverage this vulnerability to execute arbitrary code in the context of root. Was ZDI-CAN-12287. | ||||
| CVE-2021-27237 | 1 Blackcat-cms | 1 Blackcat Cms | 2024-11-21 | 4.8 Medium |
| The admin panel in BlackCat CMS 1.3.6 allows stored XSS (by an admin) via the Display Name field to backend/preferences/ajax_save.php. | ||||
| CVE-2021-27228 | 1 Shinobi | 1 Shinobi Pro | 2024-11-21 | 9.8 Critical |
| An issue was discovered in Shinobi through ocean version 1. lib/auth.js has Incorrect Access Control. Valid API Keys are held in an internal JS Object. Therefore an attacker can use JS Proto Method names (such as constructor or hasOwnProperty) to convince the System that the supplied API Key exists in the underlying JS object, and consequently achieve complete access to User/Admin/Super API functions, as demonstrated by a /super/constructor/accounts/list URI. | ||||
| CVE-2021-27222 | 1 Obss | 1 Time In Status | 2024-11-21 | 5.4 Medium |
| In the "Time in Status" app before 4.13.0 for Jira, remote authenticated attackers can cause Stored XSS. | ||||
| CVE-2021-27214 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 6.1 Medium |
| A Server-side request forgery (SSRF) vulnerability in the ProductConfig servlet in Zoho ManageEngine ADSelfService Plus through 6013 allows a remote unauthenticated attacker to perform blind HTTP requests or perform a Cross-site scripting (XSS) attack against the administrative interface via an HTTP request, a different vulnerability than CVE-2019-3905. | ||||