Export limit exceeded: 44694 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (44694 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26844 | 1 Poweradmin | 1 Pa Server Monitor | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe. | ||||
| CVE-2021-26835 | 1 Zettlr | 1 Zettlr | 2024-11-21 | 6.1 Medium |
| No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file. | ||||
| CVE-2021-26834 | 1 Znote | 1 Znote | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode. | ||||
| CVE-2021-26832 | 1 Priority-software | 1 Priority Enterprise Management System | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in the "Reset Password" page form of Priority Enterprise Management System v8.00 allows attackers to execute javascript on behalf of the victim by sending a malicious URL or directing the victim to a malicious site. | ||||
| CVE-2021-26812 | 1 Jitsi | 1 Meet | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application. | ||||
| CVE-2021-26799 | 1 Omeka | 1 Omeka | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2021-26787 | 1 Genesys | 1 Workforce Management | 2024-11-21 | 6.1 Medium |
| A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur (during record deletion) via the Time-off parameter. | ||||
| CVE-2021-26776 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 5.4 Medium |
| CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name. | ||||
| CVE-2021-26746 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 6.1 Medium |
| Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. | ||||
| CVE-2021-26723 | 1 Jenzabar | 1 Jenzabar | 2024-11-21 | 6.1 Medium |
| Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. | ||||
| CVE-2021-26722 | 1 Linkedin | 1 Oncall | 2024-11-21 | 6.1 Medium |
| LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar. | ||||
| CVE-2021-26716 | 1 Openenergymonitor | 1 Emoncms | 2024-11-21 | 6.1 Medium |
| Modules/input/Views/schedule.php in Emoncms through 10.2.7 allows XSS via the node parameter. | ||||
| CVE-2021-26710 | 1 Redwood | 1 Report2web | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) issue in the login panel in Redwood Report2Web 4.3.4.5 and 4.5.3 allows remote attackers to inject JavaScript via the signIn.do urll parameter. | ||||
| CVE-2021-26702 | 1 Eprints | 1 Eprints | 2024-11-21 | 6.1 Medium |
| EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI. | ||||
| CVE-2021-26698 | 1 Open-xchange | 1 Open-xchange Appsuite | 2024-11-21 | 6.1 Medium |
| OX App Suite before 7.10.3-rev32 and 7.10.4 before 7.10.4-rev18 allows XSS via a code snippet (user-generated content) when a sharing link is created and the dl parameter is used. | ||||
| CVE-2021-26682 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 6.1 Medium |
| A remote reflected cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the guest portal interface of ClearPass could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of the portal. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the guest portal interface. | ||||
| CVE-2021-26678 | 1 Arubanetworks | 1 Clearpass Policy Manager | 2024-11-21 | 6.1 Medium |
| A remote unauthenticated stored cross-site scripting (XSS) vulnerability was discovered in Aruba ClearPass Policy Manager version(s): Prior to 6.9.5, 6.8.8-HF1, 6.7.14-HF1. A vulnerability in the web-based management interface of ClearPass could allow an unauthenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against an administrative user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. | ||||
| CVE-2021-26636 | 2 Linux, Maxb | 2 Linux Kernel, Maxboard | 2024-11-21 | 8.8 High |
| Stored XSS and SQL injection vulnerability in MaxBoard could lead to occur Remote Code Execution, which could lead to information exposure and privilege escalation. | ||||
| CVE-2021-26628 | 2 Linux, Maxb | 2 Linux Kernel, Maxboard | 2024-11-21 | 8.1 High |
| Insufficient script validation of the admin page enables XSS, which causes unauthorized users to steal admin privileges. When uploading file in a specific menu, the verification of the files is insufficient. It allows remote attackers to upload arbitrary files disguising them as image files. | ||||
| CVE-2021-26611 | 1 Hej | 2 Hejhome Gkw-ic052, Hejhome Gkw-ic052 Firmware | 2024-11-21 | 8.1 High |
| HejHome GKW-IC052 IP Camera contained a hard-coded credentials vulnerability. This issue allows remote attackers to operate the IP Camera.(reboot, factory reset, snapshot etc..) | ||||