Export limit exceeded: 44724 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44724 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37448 | 1 Nchsoftware | 1 Ivm Attendant | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via the Mailbox name (stored). | ||||
| CVE-2021-37416 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 6.1 Medium |
| Zoho ManageEngine ADSelfService Plus version 6103 and prior is vulnerable to reflected XSS on the loadframe page. | ||||
| CVE-2021-37412 | 1 It-economics | 1 Techradar | 2024-11-21 | 6.1 Medium |
| The TechRadar app 1.1 for Confluence Server allows XSS via the Title field of a Radar. | ||||
| CVE-2021-37403 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and an App Loader relative URL is used. | ||||
| CVE-2021-37402 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via binary data that is mishandled when the legacy dataretrieval endpoint has been enabled. | ||||
| CVE-2021-37393 | 1 Rpcms | 1 Rpcms | 2024-11-21 | 5.4 Medium |
| In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. Attacker can use "update password" function to inject XSS payloads into nickname variable, and achieve stored XSS. Users who view the articles published by the injected user will trigger the XSS. | ||||
| CVE-2021-37392 | 1 Rpcms | 1 Rpcms | 2024-11-21 | 5.4 Medium |
| In RPCMS v1.8 and below, the "nickname" variable is not properly sanitized before being displayed on page. When the API functions are enabled, the attacker can use API to update user nickname with XSS payload and achieve stored XSS. Users who view the articles published by the injected user will trigger the XSS. | ||||
| CVE-2021-37391 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 5.4 Medium |
| A user without privileges in Chamilo LMS 1.11.14 can send an invitation message to another user, e.g., the administrator, through main/social/search.php, main/inc/lib/social.lib.php and steal cookies or execute arbitrary code on the administration side via a stored XSS vulnerability via social network the send invitation feature. | ||||
| CVE-2021-37390 | 1 Chamilo | 1 Chamilo Lms | 2024-11-21 | 6.1 Medium |
| A Chamilo LMS 1.11.14 reflected XSS vulnerability exists in main/social/search.php=q URI (social network search feature). | ||||
| CVE-2021-37389 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 6.1 Medium |
| Chamilo 1.11.14 allows stored XSS via main/install/index.php and main/install/ajax.php through the port parameter. | ||||
| CVE-2021-37386 | 1 Furukawa | 8 423-41w\/ac, 423-41w\/ac Firmware, Ld420-10r and 5 more | 2024-11-21 | 7.5 High |
| Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function. | ||||
| CVE-2021-37379 | 1 Teradek | 2 Sphere, Sphere Firmware | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Teradek Sphere all firmware versions allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | ||||
| CVE-2021-37377 | 1 Teradek | 2 Brik, Brik Firmware | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Teradek Brik firmware version 7.2.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | ||||
| CVE-2021-37376 | 1 Teradek | 6 Bond, Bond 2, Bond 2 Firmware and 3 more | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Teradek Bond, Bond 2 and Bond Pro firmware version 7.3.x and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | ||||
| CVE-2021-37375 | 1 Teradek | 4 Vidiu, Vidiu Firmware, Vidiu Mini and 1 more | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability in Teradek VidiU / VidiU Mini firmware version 3.0.8 and earlier allows remote attackers to run arbitrary code via the Friendly Name field in System Information Settings. NOTE: Vedor states the product has reached End of Life and will not be receiving any firmware updates to address this issue. | ||||
| CVE-2021-37365 | 1 Ctparental Project | 1 Ctparental | 2024-11-21 | 6.1 Medium |
| CTparental before 4.45.03 is vulnerable to cross-site scripting (XSS) in the CTparental admin panel. In bl_categires_help.php, the 'categories' variable is assigned with the content of the query string param 'cat' without sanitization or encoding, enabling an attacker to inject malicious code into the output webpage. | ||||
| CVE-2021-37330 | 1 Bookingcore | 1 Booking Core | 2024-11-21 | 5.4 Medium |
| Laravel Booking System Booking Core 2.0 is vulnerable to Cross Site Scripting (XSS). The Avatar upload in the My Profile section could be exploited to upload a malicious SVG file which contains Javascript. Now if another user/admin views the profile and clicks to view his avatar, an XSS will trigger. | ||||
| CVE-2021-37271 | 1 Baidu | 1 Ueditor | 2024-11-21 | 5.4 Medium |
| Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information. | ||||
| CVE-2021-37267 | 1 Kindsoft | 1 Kindeditor | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in all versions of KindEditor, which can be exploited by an attacker to obtain user cookie information. | ||||
| CVE-2021-37216 | 1 Qsan | 4 Xn8008t, Xn8008t Firmware, Xn8024r and 1 more | 2024-11-21 | 6.1 Medium |
| QSAN Storage Manager header page parameters does not filter special characters. Remote attackers can inject JavaScript without logging in and launch reflected XSS attacks to access and modify specific data. | ||||