Search Results (44724 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-37211 | 1 Larvata | 1 Flygo | 2024-11-21 | 5.4 Medium |
| The bulletin function of Flygo does not filter special characters when a new announcement is added. Remote attackers can use the vulnerability with a general user’s credentials to inject JavaScript and execute stored XSS attacks. | ||||
| CVE-2021-37195 | 1 Siemens | 1 Comos | 2024-11-21 | 6.1 Medium |
| A vulnerability has been identified in COMOS V10.2 (All versions only if web components are used), COMOS V10.3 (All versions < V10.3.3.3 only if web components are used), COMOS V10.4 (All versions < V10.4.1 only if web components are used). The COMOS Web component of COMOS accepts arbitrary code as attachment to tasks. This could allow an attacker to inject malicious code that is executed when loading the attachment. | ||||
| CVE-2021-37163 | 1 Swisslog-healthcare | 2 Hmi-3 Control Panel, Hmi-3 Control Panel Firmware | 2024-11-21 | 9.8 Critical |
| An insecure permissions issue was discovered in HMI3 Control Panel in Swisslog Healthcare Nexus operated by released versions of software before Nexus Software 7.2.5.7. The device has two user accounts with passwords that are hardcoded. | ||||
| CVE-2021-37152 | 1 Sonatype | 1 Nexus Repository Manager | 2024-11-21 | 5.4 Medium |
| Multiple XSS issues exist in Sonatype Nexus Repository Manager 3 before 3.33.0. An authenticated attacker with the ability to add HTML files to a repository could redirect users to Nexus Repository Manager’s pages with code modifications. | ||||
| CVE-2021-36950 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 5.4 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2021-36946 | 1 Microsoft | 2 Dynamics 365 Business Central, Dynamics Nav | 2024-11-21 | 5.4 Medium |
| Microsoft Dynamics Business Central Cross-site Scripting Vulnerability | ||||
| CVE-2021-36905 | 1 Expresstech | 1 Quiz And Survey Master | 2024-11-21 | 5.4 Medium |
| Multiple Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerabilities in Quiz And Survey Master plugin <= 7.3.4 on WordPress. | ||||
| CVE-2021-36870 | 1 Codecabin | 1 Wp Go Maps | 2024-11-21 | 5.5 Medium |
| Multiple Authenticated Persistent Cross-Site Scripting (XSS) vulnerabilities in WordPress WP Google Maps plugin (versions <= 8.1.12). Vulnerable parameters: &dataset_name, &wpgmza_gdpr_retention_purpose, &wpgmza_gdpr_company_name, &name #2, &name, &polyname #2, &polyname, &address. | ||||
| CVE-2021-36832 | 1 Icegram | 1 Icegram Engage | 2024-11-21 | 4.8 Medium |
| WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin – Icegram (versions <= 2.0.2) vulnerable at "Headline" (&message_data[16][headline]) input. | ||||
| CVE-2021-36827 | 1 Ninjaforms | 1 Ninja Forms | 2024-11-21 | 4.8 Medium |
| Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Saturday Drive's Ninja Forms Contact Form plugin <= 3.6.9 at WordPress via "label". | ||||
| CVE-2021-36823 | 2 Cusmin, Wordpress | 2 Absolutely Glamorous Custom Admin, Absolutely Glamorous Custom Admin | 2024-11-21 | 6.6 Medium |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Cusmin AGCA - Absolutely Glamorous Custom Admin (WordPress plugin) allows Stored XSS. This issue affects AGCA - Absolutely Glamorous Custom Admin (WordPress plugin): from n/a through 6.8. | ||||
| CVE-2021-36821 | 1 Incsub | 1 Forminator | 2024-11-21 | 7.1 High |
| Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPMU DEV Forminator allows Stored XSS. This issue affects Forminator: from n/a through 1.14.11. | ||||
| CVE-2021-36805 | 1 Akaunting | 1 Akaunting | 2024-11-21 | 5.2 Medium |
| Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in the sales invoice processing component of the application. This issue was fixed in version 2.1.13 of the product. | ||||
| CVE-2021-36803 | 1 Akaunting | 1 Akaunting | 2024-11-21 | 6.3 Medium |
| Akaunting version 2.1.12 and earlier suffers from a persistent (type II) cross-site scripting (XSS) vulnerability in processing user-supplied avatar images. This issue was fixed in version 2.1.13 of the product. | ||||
| CVE-2021-36799 | 1 Knx | 1 Engineering Tool Software 5 | 2024-11-21 | 8.8 High |
| KNX ETS5 through 5.7.6 uses the hard-coded password ETS5Password, with a salt value of Ivan Medvedev, allowing local users to read project information. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | ||||
| CVE-2021-36790 | 1 Dated News Project | 1 Dated News | 2024-11-21 | 6.1 Medium |
| The dated_news (aka Dated News) extension through 5.1.1 for TYPO3 allows XSS. | ||||
| CVE-2021-36788 | 1 Yoast | 1 Yoast Seo | 2024-11-21 | 5.4 Medium |
| The yoast_seo (aka Yoast SEO) extension before 7.2.3 for TYPO3 allows XSS. | ||||
| CVE-2021-36787 | 1 In2code | 1 Femanager | 2024-11-21 | 5.4 Medium |
| The femanager extension before 5.5.1 and 6.x before 6.3.1 for TYPO3 allows XSS via a crafted SVG document. | ||||
| CVE-2021-36785 | 1 Miniorange | 1 Saml | 2024-11-21 | 5.4 Medium |
| The miniorange_saml (aka Miniorange Saml) extension before 1.4.3 for TYPO3 allows XSS. | ||||
| CVE-2021-36772 | 1 Zohocorp | 1 Manageengine Admanager Plus | 2024-11-21 | 6.1 Medium |
| Zoho ManageEngine ADManager Plus before 7110 allows stored XSS. | ||||