Export limit exceeded: 342349 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 44803 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44803 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-4121 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 6.1 Medium |
| yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-4116 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 5.4 Medium |
| yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-4108 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 6.1 Medium |
| snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-4107 | 1 Yetiforce | 1 Yetiforce Customer Relationship Management | 2024-11-21 | 6.1 Medium |
| yetiforcecrm is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-4103 | 1 B3log | 1 Vditor | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository vanessa219/vditor prior to 1.0.34. | ||||
| CVE-2021-4084 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.1 Medium |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-4081 | 1 Pimcore | 1 Pimcore | 2024-11-21 | 6.1 Medium |
| pimcore is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-4072 | 1 Elgg | 1 Elgg | 2024-11-21 | 5.4 Medium |
| elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-4050 | 1 Livehelperchat | 1 Live Helper Chat | 2024-11-21 | 6.1 Medium |
| livehelperchat is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-4046 | 1 Tcman | 1 Gim | 2024-11-21 | 5.4 Medium |
| The m_txtNom y m_txtCognoms parameters in TCMAN GIM v8.01 allow an attacker to perform persistent XSS attacks. This vulnerability could be used to carry out a number of browser-based attacks including browser hijacking or theft of sensitive data. | ||||
| CVE-2021-4038 | 1 Mcafee | 1 Network Security Manager | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability in McAfee Network Security Manager (NSM) prior to 10.1 Minor 7 allows a remote authenticated administrator to embed a XSS in the administrator interface via specially crafted custom rules containing HTML. NSM did not correctly sanitize custom rule content in all scenarios. | ||||
| CVE-2021-4035 | 1 Wocu-monitoring | 1 Wocu Monitoring | 2024-11-21 | 3.5 Low |
| A stored cross site scripting have been identified at the comments in the report creation due to an obsolote version of tinymce editor. In order to exploit this vulnerability, the attackers needs an account with enough privileges to view and edit reports. | ||||
| CVE-2021-4020 | 1 Meetecho | 1 Janus | 2024-11-21 | 5.4 Medium |
| janus-gateway is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-4018 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 5.4 Medium |
| snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-46889 | 1 10web | 1 Photo Gallery | 2024-11-21 | 6.1 Medium |
| The 10Web Photo Gallery plugin through 1.5.69 for WordPress allows XSS via theme_id for bwg_frontend_data. NOTE: other parameters are covered by CVE-2021-24291, CVE-2021-25041, and CVE-2021-31693. | ||||
| CVE-2021-46827 | 1 Sync | 5 Oxygen Publishing Engine, Oxygen Xml Author, Oxygen Xml Developer and 2 more | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Oxygen XML WebHelp before 22.1 build 2021082006 and 23.x before 23.1 build 2021090310. An XSS vulnerability in search terms proposals (in online documentation generated using Oxygen XML WebHelp) allows attackers to execute JavaScript by convincing a user to type specific text in the WebHelp output search field. | ||||
| CVE-2021-46824 | 1 School File Management System Project | 1 School File Management System | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in sourcecodester School File Management System 1.0 via the Lastname parameter to the Update Account form in student_profile.php. | ||||
| CVE-2021-46782 | 1 Supsystic | 1 Price Table | 2024-11-21 | 6.1 Medium |
| The Pricing Table by Supsystic WordPress plugin before 1.9.5 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2021-46781 | 1 Subsystic | 1 Coming Soon | 2024-11-21 | 6.1 Medium |
| The Coming Soon by Supsystic WordPress plugin before 1.7.6 does not sanitise and escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting | ||||
| CVE-2021-46780 | 1 Supsystic | 1 Easy Google Maps | 2024-11-21 | 6.1 Medium |
| The Easy Google Maps WordPress plugin before 1.9.32 does not escape the tab parameter before outputting it back in an attribute in the admin dashboard, leading to a Reflected Cross-Site Scripting | ||||