Export limit exceeded: 44699 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44699 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-28160 | 1 Acexy Wireless-n Wifi Repeater Project | 2 Acexy Wireless-n Wifi Repeater, Acexy Wireless-n Wifi Repeater Firmware | 2024-11-21 | 6.1 Medium |
| Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected XSS vulnerability due to unsanitized SSID value when the latter is displayed in the /repeater.html page ("Repeater Wizard" homepage section). | ||||
| CVE-2021-28145 | 1 Concretecms | 1 Concrete Cms | 2024-11-21 | 5.4 Medium |
| Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. This requires at least Editor privileges. | ||||
| CVE-2021-28126 | 1 Compassplus | 1 Tranzware E-commerce Payment Gateway | 2024-11-21 | 6.1 Medium |
| index.jsp in TranzWare e-Commerce Payment Gateway (TWEC PG) before 3.1.27.5 had a Stored cross-site scripting (XSS) vulnerability | ||||
| CVE-2021-28115 | 1 Ougc Feedback Project | 1 Ougc Feedback | 2024-11-21 | 6.1 Medium |
| The OUGC Feedback plugin before 1.8.23 for MyBB allows XSS via the comment field of feedback during an edit operation. | ||||
| CVE-2021-28114 | 1 Froala | 1 Froala Editor | 2024-11-21 | 5.4 Medium |
| Froala WYSIWYG Editor 3.2.6-1 is affected by XSS due to a namespace confusion during parsing. | ||||
| CVE-2021-28111 | 1 Draeger | 4 X-dock 5300, X-dock 6300, X-dock 6600 and 1 more | 2024-11-21 | 8.8 High |
| Draeger X-Dock Firmware before 03.00.13 has Hard-Coded Credentials, leading to remote code execution by an authenticated attacker. | ||||
| CVE-2021-28109 | 1 Compassplus | 1 Tranzware Fimi | 2024-11-21 | 6.1 Medium |
| TranzWare (POI) FIMI before 4.2.20.4.2 allows login_tw.php reflected Cross-Site Scripting (XSS). | ||||
| CVE-2021-28088 | 1 Impresscms | 1 Impresscms | 2024-11-21 | 5.4 Medium |
| Cross-site scripting (XSS) in modules/content/admin/content.php in ImpressCMS profile 1.4.2 allows remote attackers to inject arbitrary web script or HTML parameters through the "Display Name" field. | ||||
| CVE-2021-28079 | 1 Jamovi | 1 Jamovi | 2024-11-21 | 6.1 Medium |
| Jamovi <=1.6.18 is affected by a cross-site scripting (XSS) vulnerability. The column-name is vulnerable to XSS in the ElectronJS Framework. An attacker can make a .omv (Jamovi) document containing a payload. When opened by victim, the payload is triggered. | ||||
| CVE-2021-28054 | 1 Centreon | 1 Centreon | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Centreon-Web in Centreon Platform 20.10.0. A Stored Cross-Site Scripting (XSS) issue in "Configuration > Hosts" allows remote authenticated users to inject arbitrary web script or HTML via the Alias parameter. | ||||
| CVE-2021-28047 | 1 Devolutions | 1 Remote Desktop Manager | 2024-11-21 | 5.4 Medium |
| Cross-Site Scripting (XSS) in Administrative Reports in Devolutions Remote Desktop Manager before 2021.1 allows remote authenticated users to inject arbitrary web script or HTML via multiple input fields. | ||||
| CVE-2021-28007 | 1 Web Based Quiz System Project | 1 Web Based Quiz System | 2024-11-21 | 6.1 Medium |
| Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in register.php through the name parameter. | ||||
| CVE-2021-28006 | 1 Web Based Quiz System Project | 1 Web Based Quiz System | 2024-11-21 | 6.1 Medium |
| Web Based Quiz System 1.0 is affected by cross-site scripting (XSS) in admin.php through the options parameter. | ||||
| CVE-2021-28002 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 5.4 Medium |
| A persistent cross-site scripting vulnerability was discovered in the Excerpt parameter in Textpattern CMS 4.9.0 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting the 'Articles' page. | ||||
| CVE-2021-28001 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 5.4 Medium |
| A cross-site scripting vulnerability was discovered in the Comments parameter in Textpattern CMS 4.8.4 which allows remote attackers to execute arbitrary code via a crafted payload entered into the URL field. The vulnerability is triggered by users visiting https://site.com/articles/welcome-to-your-site#comments-head. | ||||
| CVE-2021-28000 | 1 Local Services Search Engine Management System Project | 1 Local Services Search Engine Management System | 2024-11-21 | 4.8 Medium |
| A persistent cross-site scripting vulnerability was discovered in Local Services Search Engine Management System Project 1.0 which allows remote attackers to execute arbitrary code via crafted payloads entered into the Name and Address fields. | ||||
| CVE-2021-27989 | 1 Appspace | 1 Appspace | 2024-11-21 | 5.4 Medium |
| Appspace 6.2.4 is vulnerable to stored cross-site scripting (XSS) in multiple parameters within /medianet/sgcontentset.aspx. | ||||
| CVE-2021-27969 | 1 Boonex | 1 Dolphin | 2024-11-21 | 4.8 Medium |
| Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter. | ||||
| CVE-2021-27956 | 1 Zohocorp | 1 Manageengine Adselfservice Plus | 2024-11-21 | 6.1 Medium |
| Zoho ManageEngine ADSelfService Plus before 6104 allows stored XSS on the /webclient/index.html#/directory-search user search page via the e-mail address field. | ||||
| CVE-2021-27952 | 1 Ecobee | 2 Ecobee3 Lite, Ecobee3 Lite Firmware | 2024-11-21 | 9.8 Critical |
| Hardcoded default root credentials exist on the ecobee3 lite 4.5.81.200 device. This allows a threat actor to gain access to the password-protected bootloader environment through the serial console. | ||||