Search Results (45715 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-44201 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) was possible in notification pop-ups. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | ||||
| CVE-2021-44200 | 3 Acronis, Linux, Microsoft | 3 Cyber Protect, Linux Kernel, Windows | 2024-11-21 | 5.4 Medium |
| Self cross-site scripting (XSS) was possible on devices page. The following products are affected: Acronis Cyber Protect 15 (Windows, Linux) before build 28035 | ||||
| CVE-2021-44178 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 5.4 Medium |
| AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a reflected Cross-Site Scripting (XSS) vulnerability via the itemResourceType parameter. If an attacker is able to convince a victim to visit a URL referencing a vulnerable page, malicious JavaScript content may be executed within the context of the victim's browser | ||||
| CVE-2021-44177 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 8.1 High |
| AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2021-44176 | 1 Adobe | 2 Experience Manager, Experience Manager Cloud Service | 2024-11-21 | 8.1 High |
| AEM's Cloud Service offering, as well as version 6.5.10.0 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field. | ||||
| CVE-2021-44163 | 1 Chinasea | 1 Qb Smart Service Robot | 2024-11-21 | 6.1 Medium |
| Chain Sea ai chatbot backend has improper filtering of special characters in URL parameters, which allows a remote attacker to perform JavaScript injection for XSS (reflected Cross-site scripting) attack without authentication. | ||||
| CVE-2021-44148 | 1 Gl-inet | 2 Gl-ar150, Gl-ar150 Firmware | 2024-11-21 | 6.1 Medium |
| GL.iNet GL-AR150 2.x before 3.x devices, configured as repeaters, allow cgi-bin/router_cgi?action=scanwifi XSS when an attacker creates an SSID with an XSS payload as the name. | ||||
| CVE-2021-44120 | 1 Spip | 1 Spip | 2024-11-21 | 5.4 Medium |
| SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability in ecrire/public/interfaces.php, adding the function safehtml to the vulnerable fields. An editor is able to modify his personal information. If the editor has an article written and available, when a user goes to the public site and wants to read the author's information, the malicious code will be executed. The "Who are you" and "Website Name" fields are vulnerable. | ||||
| CVE-2021-44118 | 1 Spip | 1 Spip | 2024-11-21 | 5.4 Medium |
| SPIP 4.0.0 is affected by a Cross Site Scripting (XSS) vulnerability. To exploit the vulnerability, a visitor must browse to a malicious SVG file. The vulnerability allows an authenticated attacker to inject malicious code running on the client side into web pages visited by other users (stored XSS). | ||||
| CVE-2021-44116 | 1 Anchorcms | 1 Anchor Cms | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Anchor CMS <=0.12.7 in posts.php. Attackers can use the posts column to upload the title and content containing malicious code to achieve the purpose of obtaining the administrator cookie, thereby achieving other malicious operations. | ||||
| CVE-2021-44114 | 1 Stock Management System Project | 1 Stock Management System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Stock Management System in PHP/OOP 1.0, which allows remote malicious users to execute arbitrary remote code execution via create user function. | ||||
| CVE-2021-44091 | 1 Multi Restaurant Table Reservation System Project | 1 Multi Restaurant Table Reservation System | 2024-11-21 | 5.4 Medium |
| A Cross-Site Scripting (XSS) vulnerability exists in Sourcecodester Multi Restaurant Table Reservation System 1.0 in register.php via the (1) fullname, (2) phone, and (3) address parameters. | ||||
| CVE-2021-44082 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 8.3 High |
| textpattern 4.8.7 is vulnerable to Cross Site Scripting (XSS) via /textpattern/index.php,Body. A remote and unauthenticated attacker can use XSS to trigger remote code execution by uploading a webshell. To do so they must first steal the CSRF token before submitting a file upload request. | ||||
| CVE-2021-44076 | 1 Crushftp | 1 Crushftp | 2024-11-21 | 4.8 Medium |
| An issue was discovered in CrushFTP 9. The creation of a new user through the /WebInterface/UserManager/ interface allows an attacker, with access to the administration panel, to perform Stored Cross-Site Scripting (XSS). The payload can be executed in multiple scenarios, for example when the user's page appears in the Most Visited section of the page. | ||||
| CVE-2021-44053 | 1 Qnap | 3 Qts, Quts Hero, Qutscloud | 2024-11-21 | 5.7 Medium |
| A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running QTS, QuTS hero and QuTScloud. If exploited, this vulnerability allows remote attackers to inject malicious code. We have already fixed this vulnerability in the following versions of QTS, QuTS hero and QuTScloud: QTS 4.5.4.1991 build 20220329 and later QTS 5.0.0.1986 build 20220324 and later QuTS hero h5.0.0.1986 build 20220324 and later QuTS hero h4.5.4.1971 build 20220310 and later QuTScloud c5.0.1.1949 and later | ||||
| CVE-2021-44043 | 1 Uipath | 1 App Studio | 2024-11-21 | 5.4 Medium |
| An issue was discovered in UiPath App Studio 21.4.4. There is a persistent XSS vulnerability in the file-upload functionality for uploading icons when attempting to create new Apps. An attacker with minimal privileges in the application can build their own App and upload a malicious file containing an XSS payload, by uploading an arbitrary file and modifying the MIME type in a subsequent HTTP request. This then allows the file to be stored and retrieved from the server by other users in the same organization. | ||||
| CVE-2021-44030 | 1 Quest | 1 Kace Desktop Authority | 2024-11-21 | 6.1 Medium |
| Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery. | ||||
| CVE-2021-44025 | 3 Debian, Fedoraproject, Roundcube | 3 Debian Linux, Fedora, Webmail | 2024-11-21 | 6.1 Medium |
| Roundcube before 1.3.17 and 1.4.x before 1.4.12 is prone to XSS in handling an attachment's filename extension when displaying a MIME type warning message. | ||||
| CVE-2021-43991 | 1 Kentico | 1 Xperience | 2024-11-21 | 6.8 Medium |
| The Kentico Xperience CMS version 13.0 – 13.0.43 is vulnerable to a persistent Cross-Site Scripting (XSS) vulnerability (also known as Stored or Second-Order XSS). Persistent XSS vulnerabilities occur when the application stores and retrieves client supplied data without proper handling of dangerous content. This type of XSS vulnerability is exploited by submitting malicious script content to the application which is then retrieved and executed by other application users. The attacker could exploit this to conduct a range of attacks against users of the affected application such as session hijacking, account take over and accessing sensitive data. | ||||
| CVE-2021-43977 | 1 Smartertools | 1 Smartermail | 2024-11-21 | 6.1 Medium |
| SmarterTools SmarterMail 16.x through 100.x before 100.0.7803 allows XSS. | ||||