Export limit exceeded: 342082 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 44768 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44768 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40121 | 1 Cisco | 1 Identity Services Engine | 2024-11-21 | 6.1 Medium |
| Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) Software could allow an attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. For more information about these vulnerabilities, see the Details section of this advisory. | ||||
| CVE-2021-40119 | 1 Cisco | 1 Policy Suite | 2024-11-21 | 9.8 Critical |
| A vulnerability in the key-based SSH authentication mechanism of Cisco Policy Suite could allow an unauthenticated, remote attacker to log in to an affected system as the root user. This vulnerability is due to the re-use of static SSH keys across installations. An attacker could exploit this vulnerability by extracting a key from a system under their control. A successful exploit could allow the attacker to log in to an affected system as the root user. | ||||
| CVE-2021-40115 | 1 Cisco | 2 Collaboration Meeting Rooms, Webex Video Mesh | 2024-11-21 | 6.1 Medium |
| A vulnerability in Cisco Webex Video Mesh could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the web-based management interface. An attacker could exploit this vulnerability by persuading a user to click a crafted link. A successful exploit could allow the attacker to execute arbitrary script code in the context of the interface or access sensitive, browser-based information. | ||||
| CVE-2021-40106 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Concrete CMS through 8.5.5. There is unauthenticated stored XSS in blog comments via the website field. | ||||
| CVE-2021-40105 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Concrete CMS through 8.5.5. There is XSS via Markdown Comments. | ||||
| CVE-2021-40100 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Concrete CMS through 8.5.5. Stored XSS can occur in Conversations when the Active Conversation Editor is set to Rich Text. | ||||
| CVE-2021-40096 | 1 Squaredup | 1 Squaredup | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via modification of the authorisationUrl in some integration configurations. | ||||
| CVE-2021-40094 | 1 Squaredup | 1 Squaredup | 2024-11-21 | 5.4 Medium |
| A DOM-based XSS vulnerability affects SquaredUp for SCOM 5.2.1.6654. If successfully exploited, this vulnerability may allow attackers to inject malicious code into a user's device. | ||||
| CVE-2021-40093 | 1 Squaredup | 1 Squaredup | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in integration configuration in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via dashboard actions. | ||||
| CVE-2021-40092 | 1 Squaredup | 1 Squaredup | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Image Tile in SquaredUp for SCOM 5.2.1.6654 allows remote attackers to inject arbitrary web script or HTML via an SVG file. | ||||
| CVE-2021-40041 | 1 Huawei | 2 Ws318n-21, Ws318n-21 Firmware | 2024-11-21 | 4.2 Medium |
| There is a Cross-Site Scripting(XSS) vulnerability in HUAWEI WS318n product when processing network settings. Due to insufficient validation of user input, a local authenticated attacker could exploit this vulnerability by injecting special characters. Successful exploit could cause certain information disclosure. Affected product versions include: WS318n-21 10.0.2.2, 10.0.2.5 and 10.0.2.6. | ||||
| CVE-2021-3994 | 1 Django-helpdesk Project | 1 Django-helpdesk | 2024-11-21 | 9.6 Critical |
| django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3985 | 1 Kimai | 1 Kimai2 | 2024-11-21 | 9.0 Critical |
| kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3983 | 1 Kimai2 Project | 1 Kimai2 | 2024-11-21 | 6.1 Medium |
| kimai2 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3977 | 1 Invoiceninja | 1 Invoice Ninja | 2024-11-21 | 5.4 Medium |
| invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3961 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 5.4 Medium |
| snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3950 | 1 Django-helpdesk Project | 1 Django-helpdesk | 2024-11-21 | 5.4 Medium |
| django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3945 | 1 Django-helpdesk Project | 1 Django-helpdesk | 2024-11-21 | 6.1 Medium |
| django-helpdesk is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3938 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 5.4 Medium |
| snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3920 | 1 Getgrav | 1 Grav-plugin-admin | 2024-11-21 | 5.4 Medium |
| grav-plugin-admin is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||