Search Results (45710 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-41465 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. | ||||
| CVE-2021-41464 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel parameter. | ||||
| CVE-2021-41463 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the cID parameter. | ||||
| CVE-2021-41462 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID parameter. | ||||
| CVE-2021-41461 | 1 Concrete5-legacy Project | 1 Concrete5-legacy | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode parameter. | ||||
| CVE-2021-41445 | 1 Dlink | 2 Dir-x1860, Dir-x1860 Firmware | 2024-11-21 | 6.1 Medium |
| A reflected cross-site-scripting attack in web application of D-Link DIR-X1860 before v1.10WWB09_Beta allows a remote unauthenticated attacker to execute code in the device of the victim via sending a specific URL to the unauthenticated victim. | ||||
| CVE-2021-41432 | 1 Flatpress | 1 Flatpress | 2024-11-21 | 5.4 Medium |
| A stored cross-site scripting (XSS) vulnerability exists in FlatPress 1.2.1 that allows for arbitrary execution of JavaScript commands through blog content. | ||||
| CVE-2021-41427 | 1 Beeline | 2 Smart Box, Smart Box Firmware | 2024-11-21 | 6.1 Medium |
| Beeline Smart Box 2.0.38 is vulnerable to Cross Site Scripting (XSS) via the choose_mac parameter to setup.cgi. | ||||
| CVE-2021-41421 | 1 Maianmedia | 1 Maianaffiliate | 2024-11-21 | 4.8 Medium |
| A PHP code injection vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to gain RCE through the MaianAffiliate admin panel. | ||||
| CVE-2021-41420 | 1 Maianmedia | 1 Maianaffiliate | 2024-11-21 | 5.4 Medium |
| A stored XSS vulnerability in MaianAffiliate v.1.0 allows an authenticated attacker to execute arbitrary JavaScript code in the context of authenticated and unauthenticated users through the MaianAffiliate admin panel. | ||||
| CVE-2021-41415 | 1 Subscription-manager Project | 1 Subscription-manager | 2024-11-21 | 6.1 Medium |
| Subscription-Manager v1.0 /main.js has a cross-site scripting (XSS) vulnerability in the machineDetail parameter. | ||||
| CVE-2021-41391 | 1 Ericsson | 1 Enterprise Content Management | 2024-11-21 | 5.4 Medium |
| In Ericsson ECM before 18.0, it was observed that Security Management Endpoint in User Profile Management Section is vulnerable to stored XSS via a name, leading to session hijacking and full account takeover. | ||||
| CVE-2021-41354 | 1 Microsoft | 1 Dynamics 365 | 2024-11-21 | 5.4 Medium |
| Microsoft Dynamics 365 (on-premises) Cross-site Scripting Vulnerability | ||||
| CVE-2021-41318 | 1 Progress | 1 Whatsupgold | 2024-11-21 | 6.1 Medium |
| In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser. | ||||
| CVE-2021-41310 | 1 Atlassian | 1 Jira Software Data Center | 2024-11-21 | 6.1 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the Associated Projects feature (/secure/admin/AssociatedProjectsForCustomField.jspa). The affected versions are before version 8.5.19, from version 8.6.0 before 8.13.11, and from version 8.14.0 before 8.19.1. | ||||
| CVE-2021-41304 | 1 Atlassian | 4 Data Center, Jira, Jira Data Center and 1 more | 2024-11-21 | 6.1 Medium |
| Affected versions of Atlassian Jira Server and Data Center allow anonymous remote attackers to inject arbitrary HTML or JavaScript via a Cross-Site Scripting (XSS) vulnerability in the /secure/admin/ImporterFinishedPage.jspa error message. The affected versions are before version 8.13.12, and from version 8.14.0 before 8.20.2. | ||||
| CVE-2021-41299 | 1 Ecoa | 5 Ecs Router Controller-ecs, Ecs Router Controller-ecs Firmware, Riskbuster and 2 more | 2024-11-21 | 9.8 Critical |
| ECOA BAS controller is vulnerable to hard-coded credentials within its Linux distribution image, thus remote attackers can obtain administrator’s privilege without logging in. | ||||
| CVE-2021-41261 | 1 Galette | 1 Galette | 2024-11-21 | 8.1 High |
| Galette is a membership management web application built for non-profit organizations and released under GPLv3. Versions prior to 0.9.6 are subject to stored cross-site scripting attacks via the preferences footer. The preferences footer can only be altered by a site admin. This issue has been resolved in the 0.9.6 release and all users are advised to upgrade. There are no known workarounds. | ||||
| CVE-2021-41258 | 1 Getkirby | 1 Kirby | 2024-11-21 | 7.3 High |
| Kirby is an open source file structured CMS. In affected versions Kirby's blocks field stores structured data for each block. This data is then used in block snippets to convert the blocks to HTML for use in your templates. We recommend to escape HTML special characters to protect against cross-site scripting (XSS) attacks. The default snippet for the image block unfortunately did not use our escaping helper. This made it possible to include malicious HTML code in the source, alt and link fields of the image block, which would then be displayed on the site frontend and executed in the browsers of site visitors and logged in users who are browsing the site. Attackers must be in your group of authenticated Panel users in order to exploit this weakness. Users who do not make use of the blocks field are not affected. This issue has been patched in Kirby version 3.5.8 by escaping special HTML characters in the output from the default image block snippet. Please update to this or a later version to fix the vulnerability. | ||||
| CVE-2021-41252 | 1 Getkirby | 1 Kirby | 2024-11-21 | 7.3 High |
| Kirby is an open source file structured CMS. Impact: Kirby's writer field stores its formatted content as HTML code. Unlike with other field types, it is not possible to escape HTML special characters against cross-site scripting (XSS) attacks, otherwise the formatting would be lost. If the user is logged in to the Panel, a harmful script can for example trigger requests to Kirby's API with the permissions of the victim. Because the writer field did not securely sanitize its contents on save, it was possible to inject malicious HTML code into the content file by sending it to Kirby's API directly without using the Panel. This malicious HTML code would then be displayed on the site frontend and executed in the browsers of site visitors and logged in users who are browsing the site. Attackers must be in your group of authenticated Panel users in order to exploit this weakness. Users who do not make use of the writer field are not affected. This issue has been patched in Kirby 3.5.8 by sanitizing all writer field contents on the backend whenever the content is modified via Kirby's API. Please update to this or a later version to fix the vulnerability. | ||||