Export limit exceeded: 45690 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45690 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-38263 | 1 Liferay | 2 Digital Experience Platform, Liferay Portal | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) vulnerability in the Server module's script console in Liferay Portal 7.3.2 and earlier, and Liferay DXP 7.0 before fix pack 101, 7.1 before fix pack 20 and 7.2 before fix pack 10 allows remote attackers to inject arbitrary web script or HTML via the output of a script. | ||||
| CVE-2021-38221 | 1 Bbs-go Project | 1 Bbs-go | 2024-11-21 | 5.4 Medium |
| bbs-go <= 3.3.0 including Custom Edition is vulnerable to stored XSS. | ||||
| CVE-2021-38193 | 1 Ammonia Project | 1 Ammonia | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the ammonia crate before 3.1.0 for Rust. XSS can occur because the parsing differences for HTML, SVG, and MathML are mishandled, a similar issue to CVE-2020-26870. | ||||
| CVE-2021-38186 | 1 Comrak Project | 1 Comrak | 2024-11-21 | 6.1 Medium |
| An issue was discovered in the comrak crate before 0.10.1 for Rust. It mishandles & characters, leading to XSS via &# HTML entities. | ||||
| CVE-2021-38183 | 1 Sap | 1 Netweaver | 2024-11-21 | 6.1 Medium |
| SAP NetWeaver - versions 700, 701, 702, 730, does not sufficiently encode user-controlled inputs, allowing an attacker to cause a potential victim to supply a malicious content to a vulnerable web application, which is then reflected to the victim and executed by the web browser, resulting in Cross-Site Scripting vulnerability. | ||||
| CVE-2021-38157 | 1 Leostream | 1 Connection Broker | 2024-11-21 | 6.1 Medium |
| LeoStream Connection Broker 9.x before 9.0.34.3 allows Unauthenticated Reflected XSS via the /index.pl user parameter. NOTE: This vulnerability only affects products that are no longer supported by the maintainer | ||||
| CVE-2021-38156 | 1 Nagios | 1 Nagios Xi | 2024-11-21 | 5.4 Medium |
| In Nagios XI before 5.8.6, XSS exists in the dashboard page (/dashboards/#) when administrative users attempt to edit a dashboard. | ||||
| CVE-2021-38152 | 1 Chikitsa | 1 Patient Management System | 2024-11-21 | 5.4 Medium |
| index.php/appointment/insert_patient_add_appointment in Chikitsa Patient Management System 2.0.0 allows XSS. | ||||
| CVE-2021-38151 | 1 Chikitsa | 1 Patient Management System | 2024-11-21 | 5.4 Medium |
| index.php/appointment/todos in Chikitsa Patient Management System 2.0.0 allows XSS. | ||||
| CVE-2021-38149 | 1 Chikitsa | 1 Patient Management System | 2024-11-21 | 5.4 Medium |
| index.php/admin/add_user in Chikitsa Patient Management System 2.0.0 allows XSS. | ||||
| CVE-2021-38144 | 1 Formtools | 1 Core | 2024-11-21 | 5.4 Medium |
| An issue was discovered in Form Tools through 3.0.20. A low-privileged user can trigger Reflected XSS when a viewing a form via the submission_id parameter, e.g., clients/forms/edit_submission.php?form_id=1&view_id=1&submission_id=[XSS]. | ||||
| CVE-2021-38143 | 1 Formtools | 1 Core | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Form Tools through 3.0.20. When an administrator creates a customer account, it is possible for the customer to log in and proceed with a change of name and last name. However, these fields are vulnerable to XSS payload insertion, being triggered in the admin panel when the admin tries to see the client list. This type of XSS (stored) can lead to the extraction of the PHPSESSID cookie belonging to the admin. | ||||
| CVE-2021-38138 | 1 Onenav | 1 Onenav | 2024-11-21 | 5.4 Medium |
| OneNav beta 0.9.12 allows XSS via the Add Link feature. NOTE: the vendor's position is that there intentionally is not any XSS protection at present, because the attack risk is largely limited to a compromised account; however, XSS protection is planned for a future release. | ||||
| CVE-2021-38127 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2024-11-21 | 6.1 Medium |
| Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). | ||||
| CVE-2021-38126 | 1 Microfocus | 1 Arcsight Enterprise Security Manager | 2024-11-21 | 6.1 Medium |
| Potential vulnerabilities have been identified in Micro Focus ArcSight Enterprise Security Manager, affecting versions 7.4.x and 7.5.x. The vulnerabilities could be remotely exploited resulting in Cross-Site Scripting (XSS). | ||||
| CVE-2021-38113 | 1 Openwebif Project | 1 Openwebif | 2024-11-21 | 5.4 Medium |
| In addBouquet in js/bqe.js in OpenWebif (aka e2openplugin-OpenWebif) through 1.4.7, inserting JavaScript into the Add Bouquet feature of the Bouquet Editor (i.e., bouqueteditor/api/addbouquet?name=) leads to Stored XSS. | ||||
| CVE-2021-38087 | 1 Acronis | 1 Cyber Protect | 2024-11-21 | 6.1 Medium |
| Reflected cross-site scripting (XSS) was possible on the login page in Acronis Cyber Protect 15 prior to build 27009. | ||||
| CVE-2021-37999 | 3 Debian, Fedoraproject, Google | 3 Debian Linux, Fedora, Chrome | 2024-11-21 | 6.1 Medium |
| Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page. | ||||
| CVE-2021-37916 | 1 Joplin Project | 1 Joplin | 2024-11-21 | 6.1 Medium |
| Joplin before 2.0.9 allows XSS via button and form in the note body. | ||||
| CVE-2021-37910 | 1 Asus | 10 Gt-axe11000, Gt-axe11000 Firmware, Rt-ax3000 and 7 more | 2024-11-21 | 3.7 Low |
| ASUS routers Wi-Fi protected access protocol (WPA2 and WPA3-SAE) has improper control of Interaction frequency vulnerability, an unauthenticated attacker can remotely disconnect other users' connections by sending specially crafted SAE authentication frames. | ||||