Export limit exceeded: 44794 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44794 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-45425 | 1 Safarimontage | 1 Safari Montage | 2024-11-21 | 6.1 Medium |
| Reflected Cross Site Scripting (XSS) in SAFARI Montage versions 8.3 and 8.5 allows remote attackers to execute JavaScript codes. | ||||
| CVE-2021-45416 | 1 Rosariosis | 1 Rosariosis | 2024-11-21 | 6.1 Medium |
| Reflected Cross-site scripting (XSS) vulnerability in RosarioSIS 8.2.1 allows attackers to inject arbitrary HTML via the search_term parameter in the modules/Scheduling/Courses.php script. | ||||
| CVE-2021-45380 | 1 Appcms | 1 Appcms | 2024-11-21 | 6.1 Medium |
| AppCMS 2.0.101 has a XSS injection vulnerability in \templates\m\inc_head.php | ||||
| CVE-2021-45357 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Piwigo 12.x via the pwg_activity function in include/functions.inc.php. | ||||
| CVE-2021-45329 | 1 Gitea | 1 Gitea | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field. | ||||
| CVE-2021-45281 | 1 Quickbox | 1 Quickbox | 2024-11-21 | 6.1 Medium |
| QuickBox Pro v2.4.8 contains a cross-site scripting (XSS) vulnerability at "adminuseredit.php?usertoedit=XSS", as the user supplied input for the value of this parameter is not properly sanitized. | ||||
| CVE-2021-45229 | 1 Apache | 1 Airflow | 2024-11-21 | 6.1 Medium |
| It was discovered that the "Trigger DAG with config" screen was susceptible to XSS attacks via the `origin` query argument. This issue affects Apache Airflow versions 2.2.3 and below. | ||||
| CVE-2021-45228 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 5.4 Medium |
| An XSS issue was discovered in COINS Construction Cloud 11.12. Due to insufficient neutralization of user input in the description of a task, it is possible to store malicious JavaScript code in the task description. This is later executed when it is reflected back to the user. | ||||
| CVE-2021-45227 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 5.4 Medium |
| An issue was discovered in COINS Construction Cloud 11.12. Due to an inappropriate use of HTML IFRAME elements, the file upload functionality is vulnerable to a persistent Cross-Site Scripting (XSS) attack. | ||||
| CVE-2021-45225 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 6.1 Medium |
| An issue was discovered in COINS Construction Cloud 11.12. Due to improper input neutralization, it is vulnerable to reflected cross-site scripting (XSS) via malicious links (affecting the search window and activity view window). | ||||
| CVE-2021-45224 | 1 Coins-global | 1 Coins Construction Cloud | 2024-11-21 | 6.1 Medium |
| An issue was discovered in COINS Construction Cloud 11.12. In several locations throughout the application, JavaScript code is passed as a URL parameter. Attackers can trivially alter this code to cause malicious behaviour. The application is therefore vulnerable to reflected XSS via malicious URLs. | ||||
| CVE-2021-45106 | 1 Siemens | 1 Sicam Toolbox Ii | 2024-11-21 | 6.5 Medium |
| A vulnerability has been identified in SICAM TOOLBOX II (All versions). Affected applications use a circumventable access control within a database service. This could allow an attacker to access the database. | ||||
| CVE-2021-45094 | 1 Okta | 1 Imprivata Privileged Access Management | 2024-11-21 | 5.4 Medium |
| Imprivata Privileged Access Management (formally Xton Privileged Access Management) 2.3.202112051108 allows XSS. | ||||
| CVE-2021-45088 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-11-21 | 6.1 Medium |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an error page. | ||||
| CVE-2021-45087 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-11-21 | 6.1 Medium |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 when View Source mode or Reader mode is used, as demonstrated by a a page title. | ||||
| CVE-2021-45086 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-11-21 | 6.1 Medium |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 because a server's suggested_filename is used as the pdf_name value in PDF.js. | ||||
| CVE-2021-45085 | 2 Debian, Gnome | 2 Debian Linux, Epiphany | 2024-11-21 | 6.1 Medium |
| XSS can occur in GNOME Web (aka Epiphany) before 40.4 and 41.x before 41.1 via an about: page, as demonstrated by ephy-about:overview when a user visits an XSS payload page often enough to place that page on the Most Visited list. | ||||
| CVE-2021-45071 | 1 Odoo | 1 Odoo | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) issue Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier, allows remote attackers to inject arbitrary web script in the browser of a victim, via crafted uploaded file names. | ||||
| CVE-2021-45033 | 1 Siemens | 8 Cp-8000 Master Module With I\/o -25\/\+70, Cp-8000 Master Module With I\/o -25\/\+70 Firmware, Cp-8000 Master Module With I\/o -40\/\+70 and 5 more | 2024-11-21 | 8.8 High |
| A vulnerability has been identified in CP-8000 MASTER MODULE WITH I/O -25/+70°C (All versions < V16.20), CP-8000 MASTER MODULE WITH I/O -40/+70°C (All versions < V16.20), CP-8021 MASTER MODULE (All versions < V16.20), CP-8022 MASTER MODULE WITH GPRS (All versions < V16.20). An undocumented debug port uses hard-coded default credentials. If this port is enabled by a privileged user, an attacker aware of the credentials could access an administrative debug shell on the affected device. | ||||
| CVE-2021-45026 | 1 Rocketsoftware | 1 Ags-zena | 2024-11-21 | 6.1 Medium |
| ASG technologies ASG-Zena Cross Platform Server Enterprise Edition 4.2.1 is vulnerable to Cross Site Scripting (XSS). | ||||