Export limit exceeded: 44783 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44783 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-43661 | 1 Totolink | 2 Ex300 V2, Ex300 V2 Firmware | 2024-11-21 | 6.1 Medium |
| totolink EX300_v2 V4.0.3c.140_B20210429 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the component /home.asp. | ||||
| CVE-2021-43659 | 1 Halo | 1 Halo | 2024-11-21 | 5.4 Medium |
| In halo 1.4.14, the function point of uploading the avatar, any file can be uploaded, such as uploading an HTML file, which will cause a stored XSS vulnerability. | ||||
| CVE-2021-43633 | 1 Messaging Web Application Project | 1 Messaging Web Application | 2024-11-21 | 5.4 Medium |
| Sourcecodester Messaging Web Application 1.0 is vulnerable to stored XSS. If a sender inserts valid scripts into the chat, the script will be executed on the receiver chat. | ||||
| CVE-2021-43575 | 1 Knx | 1 Engineering Tool Software 6 | 2024-11-21 | 5.5 Medium |
| KNX ETS6 through 6.0.0 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information, a similar issue to CVE-2021-36799. NOTE: The vendor disputes this because it is not the responsibility of the ETS to securely store cryptographic key material when it is not being exported | ||||
| CVE-2021-43574 | 1 Atmail | 1 Atmail | 2024-11-21 | 6.1 Medium |
| WebAdmin Control Panel in Atmail 6.5.0 (a version released in 2012) allows XSS via the format parameter to the default URI. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2021-43561 | 1 Pega-sus | 1 Google For Jobs | 2024-11-21 | 5.4 Medium |
| An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability. | ||||
| CVE-2021-43558 | 2 Fedoraproject, Moodle | 3 Extra Packages For Enterprise Linux, Fedora, Moodle | 2024-11-21 | 6.1 Medium |
| A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk. | ||||
| CVE-2021-43551 | 1 Osisoft | 1 Pi Vision | 2024-11-21 | 6.5 Medium |
| A remote attacker with write access to PI Vision could inject code into a display. Unauthorized information disclosure, modification, or deletion is possible if a victim views or interacts with the infected display using Microsoft Internet Explorer. The impact affects PI System data and other data accessible with victim's user permissions. | ||||
| CVE-2021-43549 | 1 Osisoft | 1 Pi Web Api | 2024-11-21 | 6.9 Medium |
| A remote authenticated attacker with write access to a PI Server could trick a user into interacting with a PI Web API endpoint and redirect them to a malicious website. As a result, a victim may disclose sensitive information to the attacker or be provided with false information. | ||||
| CVE-2021-43544 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 6.1 Medium |
| When receiving a URL through a SEND intent, Firefox would have searched for the text, but subsequent usages of the address bar might have caused the URL to load unintentionally, which could lead to XSS and spoofing attacks. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 95. | ||||
| CVE-2021-43543 | 3 Debian, Mozilla, Redhat | 7 Debian Linux, Firefox, Firefox Esr and 4 more | 2024-11-21 | 6.1 Medium |
| Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. This vulnerability affects Thunderbird < 91.4.0, Firefox ESR < 91.4.0, and Firefox < 95. | ||||
| CVE-2021-43530 | 2 Google, Mozilla | 2 Android, Firefox | 2024-11-21 | 6.1 Medium |
| A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. *This bug only affects Firefox for Android. Other operating systems are unaffected.*. This vulnerability affects Firefox < 94. | ||||
| CVE-2021-43505 | 1 Simple Client Management System Project | 1 Simple Client Management System | 2024-11-21 | 5.4 Medium |
| Multiple Cross Site Scripting (XSS) vulnerabilities exist in Ssourcecodester Simple Client Management System v1 via (1) Add new Client and (2) Add new invoice. | ||||
| CVE-2021-43462 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the username parameter. | ||||
| CVE-2021-43461 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the servername parameter. | ||||
| CVE-2021-43459 | 1 Rumble Mail Server Project | 1 Rumble Mail Server | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in Rumble Mail Server 0.51.3135 via the (1) domain and (2) path parameters. | ||||
| CVE-2021-43441 | 1 Iorder Project | 1 Iorder | 2024-11-21 | 5.3 Medium |
| An HTML Injection Vulnerability in iOrder 1.0 allows the remote attacker to execute Malicious HTML codes via the signup form | ||||
| CVE-2021-43440 | 1 Iorder Project | 1 Iorder | 2024-11-21 | 6.1 Medium |
| Multiple Stored XSS Vulnerabilities in the Source Code of iOrder 1.0 allow remote attackers to execute arbitrary code via signup form in the Name and Phone number field. | ||||
| CVE-2021-43439 | 1 Iresturant Project | 1 Iresturant | 2024-11-21 | 9.8 Critical |
| RCE in Add Review Function in iResturant 1.0 Allows remote attacker to execute commands remotely | ||||
| CVE-2021-43438 | 1 Iresturant Project | 1 Iresturant | 2024-11-21 | 5.4 Medium |
| Stored XSS in Signup Form in iResturant 1.0 Allows Remote Attacker to Inject Arbitrary code via NAME and ADDRESS field | ||||