Export limit exceeded: 341810 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 341810 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 10006 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Export limit exceeded: 44721 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44721 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-35976 | 1 Plesk | 1 Obsidian | 2024-11-21 | 6.1 Medium |
| The feature to preview a website in Plesk Obsidian 18.0.0 through 18.0.32 on Linux is vulnerable to reflected XSS via the /plesk-site-preview/ PATH, aka PFSI-62467. The attacker could execute JavaScript code in the victim's browser by using the link to preview sites hosted on the server. Authentication is not required to exploit the vulnerability. | ||||
| CVE-2021-35961 | 1 Secom | 1 Dr.id Access Control | 2024-11-21 | 9.8 Critical |
| Dr. ID Door Access Control and Personnel Attendance Management system uses the hard-code admin default credentials that allows remote attackers to access the system through the default password and obtain the highest permission. | ||||
| CVE-2021-35959 | 1 Plone | 1 Plone | 2024-11-21 | 5.4 Medium |
| In Plone 5.0 through 5.2.4, Editors are vulnerable to XSS in the folder contents view, if a Contributor has created a folder with a SCRIPT tag in the description field. | ||||
| CVE-2021-35956 | 1 Akcp | 10 Sensorprobe2, Sensorprobe2 Firmware, Sensorprobe4 and 7 more | 2024-11-21 | 5.4 Medium |
| Stored cross-site scripting (XSS) in the embedded webserver of AKCP sensorProbe before SP480-20210624 enables remote authenticated attackers to introduce arbitrary JavaScript via the Sensor Description, Email (from/to/cc), System Name, and System Location fields. | ||||
| CVE-2021-35955 | 1 Contao | 1 Contao | 2024-11-21 | 4.8 Medium |
| Contao >=4.0.0 allows backend XSS via HTML attributes to an HTML field. Fixed in 4.4.56, 4.9.18, 4.11.7. | ||||
| CVE-2021-35513 | 1 Mermaid Project | 1 Mermaid | 2024-11-21 | 6.1 Medium |
| Mermaid before 8.11.0 allows XSS when the antiscript feature is used. | ||||
| CVE-2021-35506 | 1 Afian | 1 Filerun | 2024-11-21 | 6.1 Medium |
| Afian FileRun 2021.03.26 allows XSS when an administrator encounters a crafted document during use of the HTML Editor for a preview or edit action. | ||||
| CVE-2021-35503 | 1 Afian | 1 Filerun | 2024-11-21 | 6.1 Medium |
| Afian FileRun 2021.03.26 allows stored XSS via an HTTP X-Forwarded-For header that is mishandled when rendering Activity Logs. | ||||
| CVE-2021-35501 | 1 Pandorafms | 1 Pandora Fms | 2024-11-21 | 5.4 Medium |
| PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. When a user or an administrator visits the console, the XSS payload will be executed. | ||||
| CVE-2021-35499 | 1 Tibco | 1 Nimbus | 2024-11-21 | 8 High |
| The Web Reporting component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Stored Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO Nimbus: versions 10.4.0 and below. | ||||
| CVE-2021-35493 | 1 Tibco | 3 Webfocus Client, Webfocus Installer, Webfocus Reporting Server | 2024-11-21 | 9 Critical |
| The WebFOCUS Reporting Server and WebFOCUS Client components of TIBCO Software Inc.'s TIBCO WebFOCUS Client, TIBCO WebFOCUS Installer, and TIBCO WebFOCUS Reporting Server contain easily exploitable Stored and Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute scripts targeting the affected system or the victim's local system. A successful attack using this vulnerability requires human interaction from a person other than the attacker. Affected releases are TIBCO Software Inc.'s TIBCO WebFOCUS Client: versions 8207.27.0 and below, TIBCO WebFOCUS Installer: versions 8207.27.0 and below, and TIBCO WebFOCUS Reporting Server: versions 8207.27.0 and below. | ||||
| CVE-2021-35490 | 1 Thruk | 1 Thruk | 2024-11-21 | 5.4 Medium |
| Thruk before 2.44 allows XSS for a quick command. | ||||
| CVE-2021-35489 | 1 Thruk | 1 Thruk | 2024-11-21 | 6.1 Medium |
| Thruk 2.40-2 allows /thruk/#cgi-bin/extinfo.cgi?type=2&host={HOSTNAME]&service={SERVICENAME]&backend={BACKEND] Reflected XSS via the host or service parameter. An attacker could inject arbitrary JavaScript into extinfo.cgi. The malicious payload would be triggered every time an authenticated user browses the page containing it. | ||||
| CVE-2021-35488 | 1 Thruk | 1 Thruk | 2024-11-21 | 6.1 Medium |
| Thruk 2.40-2 allows /thruk/#cgi-bin/status.cgi?style=combined&title={TITLE] Reflected XSS via the host or title parameter. An attacker could inject arbitrary JavaScript into status.cgi. The payload would be triggered every time an authenticated user browses the page containing it. | ||||
| CVE-2021-35479 | 1 Nagios | 1 Log Server | 2024-11-21 | 5.4 Medium |
| Nagios Log Server before 2.1.9 contains Stored XSS in the custom column view for the alert history and audit log function through the affected pp parameter. This affects users who open a crafted link or third-party web page. | ||||
| CVE-2021-35478 | 1 Nagios | 1 Log Server | 2024-11-21 | 5.4 Medium |
| Nagios Log Server before 2.1.9 contains Reflected XSS in the dropdown box for the alert history and audit log function. All parameters used for filtering are affected. This affects users who open a crafted link or third-party web page. | ||||
| CVE-2021-35475 | 1 Sas | 1 Environment Manager | 2024-11-21 | 5.4 Medium |
| SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. The XSS will prompt when editing the Configuration Properties. | ||||
| CVE-2021-35463 | 1 Liferay | 1 Liferay Portal | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the `keywords` parameter. | ||||
| CVE-2021-35451 | 1 Teradici | 1 Pcoip Management Console | 2024-11-21 | 6.1 Medium |
| In Teradici PCoIP Management Console-Enterprise 20.07.0, an unauthenticated user can inject arbitrary text into user browser via the Web application. | ||||
| CVE-2021-35440 | 1 Smashing Project | 1 Smashing | 2024-11-21 | 6.1 Medium |
| Smashing 1.3.4 is vulnerable to Cross Site Scripting (XSS). A URL for a widget can be crafted and used to execute JavaScript on the victim's computer. The JavaScript code can then steal data available in the session/cookies depending on the user environment (e.g. if re-using internal URL's for deploying, or cookies that are very permissive) private information may be retrieved by the attacker. | ||||