Search Results (45687 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 | Description |
|---|---|---|---|---|---|
| CVE-2021-33469 | 1 Phpgurukul | 1 Covid19 Testing Management System | 2024-11-21 | 4.8 Medium | COVID19 Testing Management System 1.0 is vulnerable to Cross Site Scripting (XSS) via the "Admin name" parameter. |
| CVE-2021-33425 | 1 Openwrt | 1 Openwrt | 2024-11-21 | 5.4 Medium | A stored cross-site scripting (XSS) vulnerability was discovered in the Web Interface for OpenWRT LuCI version 19.07 which allows attackers to inject arbitrary Javascript in the OpenWRT Hostname via the Hostname Change operation. |
| CVE-2021-33348 | 1 Jfinal | 1 Jfinal | 2024-11-21 | 6.1 Medium | An issue was discovered in JFinal framework v4.9.10 and below. The "set" method of the "Controller" class of the jfinal framework is not strictly filtered, which will lead to XSS vulnerabilities in some cases. |
| CVE-2021-33347 | 1 Jpress | 1 Jpress | 2024-11-21 | 5.4 Medium | An issue was discovered in JPress v3.3.0 and below. There are XSS vulnerabilities in the template module and tag management module. If you log in to the background by means of a weak password, the storage XSS vulnerability can occur. |
| CVE-2021-33295 | 1 Joplin Project | 1 Joplin | 2024-11-21 | 5.4 Medium | Cross Site Scripting (XSS) vulnerability in Joplin Desktop App before 1.8.5 allows attackers to execute arbitrary code due to improper sanitizing of HTML. |
| CVE-2021-33220 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 7.8 High | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. Hard-coded API Keys exist. |
| CVE-2021-33219 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 9.8 Critical | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded Web Application Administrator Passwords for the admin and nplus1user accounts. |
| CVE-2021-33218 | 1 Commscope | 1 Ruckus Iot Controller | 2024-11-21 | 9.8 Critical | An issue was discovered in CommScope Ruckus IoT Controller 1.7.1.0 and earlier. There are Hard-coded System Passwords that provide shell access. |
| CVE-2021-33212 | 1 Element-it | 1 Http Commander | 2024-11-21 | 5.4 Medium | A Cross-site scripting (XSS) vulnerability in the "View in Browser" feature in Elements-IT HTTP Commander 5.3.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted SVG image. |
| CVE-2021-33192 | 1 Apache | 1 Jena Fuseki | 2024-11-21 | 6.1 Medium | A vulnerability in the HTML pages of Apache Jena Fuseki allows an attacker to execute arbitrary javascript on certain page views. This issue affects Apache Jena Fuseki from version 2.0.0 to version 4.0.0 (inclusive). |
| CVE-2021-33179 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 6.1 Medium | The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. An authenticated victim, who accesses a specially crafted malicious URL, would unknowingly execute the attached payload. |
| CVE-2021-33041 | 1 Vmd Project | 1 Vmd | 2024-11-21 | 6.1 Medium | vmd through 1.34.0 allows 'div class="markdown-body"' XSS, as demonstrated by Electron remote code execution via require('child_process').execSync('calc.exe') on Windows and a similar attack on macOS. |
| CVE-2021-33040 | 1 Futurepress | 1 Epub.js | 2024-11-21 | 6.1 Medium | managers/views/iframe.js in FuturePress EPub.js before 0.3.89 allows XSS. |
| CVE-2021-32993 | 1 Philips | 4 Intellibridge Ec40, Intellibridge Ec40 Firmware, Intellibridge Ec80 and 1 more | 2024-11-21 | 8.1 High | IntelliBridge EC 40 and 60 Hub (C.00.04 and prior) contains hard-coded credentials, such as a password or a cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data. |
| CVE-2021-32862 | 2 Debian, Jupyter | 2 Debian Linux, Nbconvert | 2024-11-21 | 7.5 High | The GitHub Security Lab discovered sixteen ways to exploit a cross-site scripting vulnerability in nbconvert. When using nbconvert to generate an HTML version of a user-controllable notebook, it is possible to inject arbitrary HTML which may lead to cross-site scripting (XSS) vulnerabilities if these HTML notebooks are served by a web server (e.g. nbviewer). |
| CVE-2021-32827 | 2 Mock-server, Oracle | 2 Mockserver, Communications Cloud Native Core Policy | 2024-11-21 | 6.1 Medium | MockServer is open source software which enables easy mocking of any system you integrate with via HTTP or HTTPS. An attacker that can trick a victim into visiting a malicious site while running MockServer locally will be able to run arbitrary code on the MockServer machine. With an overly broad default CORS configuration, MockServer allows any site to send cross-site requests. Additionally, MockServer allows you to create dynamic expectations using Javascript or Velocity templates. Both engines may allow an attacker to execute arbitrary code on behalf of MockServer. By combining these two issues (Overly broad CORS configuration + Script injection), an attacker could serve a malicious page so that if a developer running MockServer visits it, they will get compromised. For more details including a PoC see the referenced GHSL-2021-059. |
| CVE-2021-32818 | 1 Haml-coffee Project | 1 Haml-coffee | 2024-11-21 | 7.7 High | haml-coffee is a JavaScript templating solution. haml-coffee mixes pure template data with engine configuration options through the Express render API. More specifically, haml-coffee supports overriding a series of HTML helper functions through its configuration options. A vulnerable application that passes user controlled request objects to the haml-coffee template engine may introduce RCE vulnerabilities. Additionally, control over the escapeHtml parameter through template configuration pollution ensures that haml-coffee would not sanitize template inputs, which may result in reflected Cross Site Scripting attacks against downstream applications. There is currently no fix for these issues as of the publication of this CVE. The latest version of haml-coffee is currently 1.14.1. For complete details refer to the referenced GHSL-2021-025. |
| CVE-2021-32812 | 1 Tekmonks | 1 Monkshu | 2024-11-21 | 4.6 Medium | Monkshu is an enterprise application server for mobile apps (iOS and Android), responsive HTML 5 apps, and JSON API services. In version 2.90 and earlier, there is a reflected cross-site scripting vulnerability in the frontend HTTP server. The attacker can send in a carefully crafted URL along with a known bug in the server which will cause a 500 error, and the response will then embed the URL provided by the hacker. The impact is moderate as the hacker must also be able to craft an HTTP request which should cause a 500 server error. No such requests are known at this point. The issue is patched in version 2.95. As a workaround, one may use a disk caching plugin. |
| CVE-2021-32809 | 3 Ckeditor, Fedoraproject, Oracle | 10 Ckeditor, Fedora, Application Express and 7 more | 2024-11-21 | 4.6 Medium | ckeditor is an open source WYSIWYG HTML editor with rich content support. A potential vulnerability has been discovered in the CKEditor 4 [Clipboard](https://ckeditor.com/cke4/addon/clipboard) package. The vulnerability allowed paste functionality to be abused using malformed HTML, which could result in injecting arbitrary HTML into the editor. It affects all users using the CKEditor 4 plugins listed above at version >= 4.5.2. The problem has been recognized and patched. The fix will be available in version 4.16.2. |
| CVE-2021-32808 | 3 Ckeditor, Fedoraproject, Oracle | 13 Ckeditor, Fedora, Application Express and 10 more | 2024-11-21 | 7.6 High | ckeditor is an open source WYSIWYG HTML editor with rich content support. A vulnerability has been discovered in the clipboard Widget plugin if used alongside the undo feature. The vulnerability allows a user to abuse undo functionality using malformed widget HTML, which could result in executing JavaScript code. It affects all users using the CKEditor 4 plugins listed above at version >= 4.13.0. The problem has been recognized and patched. The fix will be available in version 4.16.2. |