Export limit exceeded: 44780 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44780 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-42552 | 1 Archivista | 1 Archivistabox | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) vulnerability in ArchivistaBox webclient allows an attacker to craft a malicious link, executing JavaScript in the context of a victim's browser. This issue affects all ArchivistaBox versions prior to 2022/I. | ||||
| CVE-2021-42551 | 1 Alcoda | 1 Netbiblio | 2024-11-21 | 6.1 Medium |
| Cross-site Scripting (XSS) vulnerability in the search functionality of AlCoda NetBiblio WebOPAC allows an unauthenticated user to craft a reflected Cross-Site Scripting attack. This issue affects: AlCoda NetBiblio WebOPAC versions prior to 4.0.0.320; versions later than 4.0.0.328. This issue does not affect: AlCoda NetBiblio WebOPAC version 4.0.0.335 and later versions. | ||||
| CVE-2021-42549 | 1 Wpcloudplugins | 1 Lets-box | 2024-11-21 | 4.7 Medium |
| Insufficient Input Validation in the search functionality of Wordpress plugin Lets-Box prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack. | ||||
| CVE-2021-42548 | 1 Wpcloudplugins | 1 Share-one-drive | 2024-11-21 | 4.7 Medium |
| Insufficient Input Validation in the search functionality of Wordpress plugin Share-one-Drive prior to 1.15.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack. | ||||
| CVE-2021-42547 | 1 Wpcloudplugins | 1 Out-of-the-box | 2024-11-21 | 4.7 Medium |
| Insufficient Input Validation in the search functionality of Wordpress plugin Out-of-the-Box prior to 1.20.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack. | ||||
| CVE-2021-42546 | 1 Wpcloudplugins | 1 Use-your-drive | 2024-11-21 | 4.7 Medium |
| Insufficient Input Validation in the search functionality of Wordpress plugin Use-Your-Drive prior to 1.18.3 allows unauthenticated user to craft a reflected Cross-Site Scripting attack. | ||||
| CVE-2021-42534 | 1 Trane | 2 Tracer Sc, Tracer Sc Firmware | 2024-11-21 | 6.3 Medium |
| The affected product’s web application does not properly neutralize the input during webpage generation, which could allow an attacker to inject code in the input forms. | ||||
| CVE-2021-42357 | 1 Apache | 1 Knox | 2024-11-21 | 6.1 Medium |
| When using Apache Knox SSO prior to 1.6.1, a request could be crafted to redirect a user to a malicious page due to improper URL parsing. A request that included a specially crafted request parameter could be used to redirect the user to a page controlled by an attacker. This URL would need to be presented to the user outside the normal request flow through a XSS or phishing campaign. | ||||
| CVE-2021-42335 | 1 Huaju | 1 Easytest Online Learning Test Platform | 2024-11-21 | 5.4 Medium |
| Easytest bulletin board management function of online learning platform does not filter special characters. After obtaining a user’s privilege, remote attackers can inject JavaScript and execute stored XSS attack. | ||||
| CVE-2021-42329 | 1 Xinheinformation | 1 Xinhe Teaching Platform System | 2024-11-21 | 5.4 Medium |
| The “List_Add” function of message board of ShinHer StudyOnline System does not filter special characters in the title parameter. After logging in with user’s privilege, remote attackers can inject JavaScript and execute stored XSS attacks. | ||||
| CVE-2021-42245 | 1 Flatcore | 1 Flatcore-cms | 2024-11-21 | 6.1 Medium |
| FlatCore-CMS 2.0.9 has a cross-site scripting (XSS) vulnerability in pages.edit.php through meta tags and content sections. | ||||
| CVE-2021-42244 | 1 Notimoo Project | 1 Notimoo | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) vulnerability in PaquitoSoftware Notimoo v1.2 allows attackers to execute arbitrary web scripts or HTML via a crafted title or message in a notification. | ||||
| CVE-2021-42233 | 2 Simple Blog Project, Wondercms | 2 Simple Blog, Wondercms | 2024-11-21 | 5.4 Medium |
| The Simple Blog plugin in Wondercms 3.4.1 is vulnerable to stored cross-site scripting (XSS) vulnerability. When any user opens a particular blog hosted on an attackers' site, XSS may occur. | ||||
| CVE-2021-42227 | 1 Kindsoft | 1 Kindeditor | 2024-11-21 | 6.1 Medium |
| Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix is allowed). | ||||
| CVE-2021-42223 | 1 Phpgurukul | 1 Online Dj Booking Management System | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS).vulnerability exists in Online DJ Booking Management System 1.0 in view-booking-detail.php. | ||||
| CVE-2021-42220 | 1 Dolibarr | 1 Dolibarr | 2024-11-21 | 5.4 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in Dolibarr before 14.0.3 via the ticket creation flow. Exploitation requires that an admin copies the payload into a box. | ||||
| CVE-2021-42168 | 1 Try My Recipe Project | 1 Try My Recipe | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in Sourcecodester Try My Recipe (Recipe Sharing Website - CMS) by oretnom23, allows attackers to gain the PHPSESID or other unspecified impacts via the fullname parameter to the login_registration page. | ||||
| CVE-2021-42136 | 1 Vanderbilt | 1 Redcap | 2024-11-21 | 9.0 Critical |
| A stored Cross-Site Scripting (XSS) vulnerability in the Missing Data Codes functionality of REDCap before 11.4.0 allows remote attackers to execute JavaScript code in the client's browser by storing said code as a Missing Data Code value. This can then be leveraged to execute a Cross-Site Request Forgery attack to escalate privileges to administrator. | ||||
| CVE-2021-42134 | 1 Django-unicorn | 1 Unicorn | 2024-11-21 | 6.1 Medium |
| The Unicorn framework before 0.36.1 for Django allows XSS via a component. NOTE: this issue exists because of an incomplete fix for CVE-2021-42053. | ||||
| CVE-2021-42119 | 1 Businessdnasolutions | 1 Topease | 2024-11-21 | 7.3 High |
| Persistent Cross Site Scripting in Web Applications operating on Business-DNA Solutions GmbH’s TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is then rendered in the Search Functionality, to alter the intended functionality and steal cookies, the latter allowing for account takeover. | ||||