Export limit exceeded: 342339 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342339 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 342339 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 44801 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44801 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-46680 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 4 Medium |
| A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the module form name field. | ||||
| CVE-2021-46679 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 4 Medium |
| A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via service elements. | ||||
| CVE-2021-46678 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 4 Medium |
| A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the service name field. | ||||
| CVE-2021-46677 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 4 Medium |
| A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the event filter name field. | ||||
| CVE-2021-46676 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 4 Medium |
| A XSS vulnerability exist in Pandora FMS version 756 and below, that allows an attacker to perform javascript code executions via the transactional maps name field. | ||||
| CVE-2021-46558 | 1 Issabel | 1 Pbx | 2024-11-21 | 5.4 Medium |
| Multiple cross-site scripting (XSS) vulnerabilities in the Add User module of Issabel PBX 20200102 allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the username and password fields. | ||||
| CVE-2021-46557 | 1 Vicidial | 1 Vicidial | 2024-11-21 | 5.4 Medium |
| Vicidial 2.14-783a was discovered to contain a cross-site scripting (XSS) vulnerability via the input tabs. | ||||
| CVE-2021-46447 | 1 Hhg-multistore | 1 Multistore | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in H.H.G Multistore v5.1.0 and below allows attackers to execute arbitrary web scripts or HTML via a crafted payload inserted into the State parameter under the Address Book module. | ||||
| CVE-2021-46437 | 1 Zzcms | 1 Zzcms | 2024-11-21 | 4.8 Medium |
| An issue was discovered in ZZCMS 2021. There is a cross-site scripting (XSS) vulnerability in ad_manage.php. | ||||
| CVE-2021-46426 | 1 Phpipam | 1 Phpipam | 2024-11-21 | 6.1 Medium |
| phpIPAM 1.4.4 allows Reflected XSS and CSRF via app/admin/subnets/find_free_section_subnets.php of the subnets functionality. | ||||
| CVE-2021-46387 | 1 Zyxel | 2 Zywall 2 Plus Internet Security Appliance, Zywall 2 Plus Internet Security Appliance Firmware | 2024-11-21 | 6.1 Medium |
| ZyXEL ZyWALL 2 Plus Internet Security Appliance is affected by Cross Site Scripting (XSS). Insecure URI handling leads to bypass security restriction to achieve Cross Site Scripting, which allows an attacker able to execute arbitrary JavaScript codes to perform multiple attacks such as clipboard hijacking and session hijacking. | ||||
| CVE-2021-46382 | 1 Netgear | 2 Wac120 Ac, Wac120 Ac Firmware | 2024-11-21 | 6.1 Medium |
| Unauthenticated cross-site scripting (XSS) in Netgear WAC120 AC Access Point may lead to mulitple attacks like session hijacking even clipboard hijacking. | ||||
| CVE-2021-46372 | 1 Erudika | 1 Scoold | 2024-11-21 | 5.4 Medium |
| Scoold 1.47.2 is a Q&A/knowledge base platform written in Java. When writing a Q&A, the markdown editor is vulnerable to a XSS attack when using uppercase letters. | ||||
| CVE-2021-46355 | 1 Factorfx | 1 Ocs Inventory | 2024-11-21 | 5.4 Medium |
| OCS Inventory 2.9.1 is affected by Cross Site Scripting (XSS). To exploit the vulnerability, the attacker needs to manipulate the name of some device on your computer, such as a printer, replacing the device name with some malicious code that allows the execution of Stored Cross-site Scripting (XSS). | ||||
| CVE-2021-46253 | 1 Anchorcms | 1 Anchor Cms | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the Create Post function of Anchor CMS v0.12.7 allows attackers to execute arbitrary web scripts or HTML. | ||||
| CVE-2021-46251 | 1 Scratchoauth2 Project | 1 Scratchoauth2 | 2024-11-21 | 6.1 Medium |
| A reflected cross-site scripting (XSS) in ScratchOAuth2 before commit 1603f04e44ef67dde6ccffe866d2dca16defb293 allows attackers to execute arbitrary web scripts or HTML via a crafted POST request. | ||||
| CVE-2021-46247 | 1 Asus | 2 Cmax6000, Cmax6000 Firmware | 2024-11-21 | 7.5 High |
| The use of a hard-coded cryptographic key significantly increases the possibility encrypted data may be recovered from ASUS CMAX6000 v1.02.00. | ||||
| CVE-2021-46150 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 4.8 Medium |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Special:CheckUserLog allows CheckUser XSS because of date mishandling, as demonstrated by an XSS payload in MediaWiki:October. | ||||
| CVE-2021-46146 | 1 Mediawiki | 1 Mediawiki | 2024-11-21 | 5.4 Medium |
| An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The WikibaseMediaInfo component is vulnerable to XSS via the caption fields for a given media file. | ||||
| CVE-2021-46144 | 2 Debian, Roundcube | 2 Debian Linux, Roundcube | 2024-11-21 | 6.1 Medium |
| Roundcube before 1.4.13 and 1.5.x before 1.5.2 allows XSS via an HTML e-mail message with crafted Cascading Style Sheets (CSS) token sequences. | ||||