Export limit exceeded: 45662 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (45662 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-27564 | 1 Appspace | 1 Appspace | 2024-11-21 | 5.4 Medium |
| A stored XSS issue exists in Appspace 6.2.4. After a user is authenticated and enters an XSS payload under the groups section of the network tab, it is stored as the group name. Whenever another member visits that group, this payload executes. | ||||
| CVE-2021-27559 | 1 Monicahq | 1 Monica | 2024-11-21 | 5.4 Medium |
| The Contact page in Monica 2.19.1 allows stored XSS via the Nickname field. | ||||
| CVE-2021-27558 | 1 Easycorp | 1 Zentao | 2024-11-21 | 6.1 Medium |
| A cross site scripting (XSS) issue in EasyCorp ZenTao 12.5.3 allows remote attackers to execute arbitrary web script via various areas such as data-link-creator. | ||||
| CVE-2021-27544 | 1 Phpgurukul | 1 Beauty Parlour Management System | 2024-11-21 | 4.8 Medium |
| Cross Site Scripting (XSS) in the "add-services.php" component of PHPGurukul Beauty Parlour Management System v1.0 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "sername" parameter. | ||||
| CVE-2021-27531 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter. | ||||
| CVE-2021-27530 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php. | ||||
| CVE-2021-27529 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter. | ||||
| CVE-2021-27528 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter. | ||||
| CVE-2021-27527 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter. | ||||
| CVE-2021-27526 | 1 Dynpg | 1 Dynpg | 2024-11-21 | 4.8 Medium |
| A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter. | ||||
| CVE-2021-27524 | 1 Margox | 1 Braft-editor | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in margox braft-editor version 2.3.8, allows remote attackers to execute arbitrary code via the embed media feature. | ||||
| CVE-2021-27520 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter. | ||||
| CVE-2021-27519 | 1 Fudforum | 1 Fudforum | 2024-11-21 | 6.1 Medium |
| A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter. | ||||
| CVE-2021-27517 | 1 Foxit | 2 Phantompdf, Reader | 2024-11-21 | 6.1 Medium |
| Foxit PDF SDK For Web through 7.5.0 allows XSS. There is arbitrary JavaScript code execution in the browser if a victim uploads a malicious PDF document containing embedded JavaScript code that abuses app.alert (in the Acrobat JavaScript API). | ||||
| CVE-2021-27503 | 1 Ypsomed | 2 Mylife, Mylife Cloud | 2024-11-21 | 4.8 Medium |
| Ypsomed mylife Cloud, mylife Mobile Application, Ypsomed mylife Cloud: All versions prior to 1.7.2, Ypsomed mylife App: All versions prior to 1.7.5,The application encrypts on the application layer of the communication protocol between the Ypsomed mylife App and mylife Cloud credentials based on hard-coded secrets, which allows man-in-the-middle attackers to tamper with messages. | ||||
| CVE-2021-27481 | 1 Zoll | 1 Defibrillator Dashboard | 2024-11-21 | 5.5 Medium |
| ZOLL Defibrillator Dashboard, v prior to 2.2, The affected products utilize an encryption key in the data exchange process, which is hardcoded. This could allow an attacker to gain access to sensitive information. | ||||
| CVE-2021-27479 | 1 Zoll | 1 Defibrillator Dashboard | 2024-11-21 | 5.4 Medium |
| ZOLL Defibrillator Dashboard, v prior to 2.2,The affected product’s web application could allow a low privilege user to inject parameters to contain malicious scripts to be executed by higher privilege users. | ||||
| CVE-2021-27465 | 1 Emerson | 8 X-stream Enhanced Xefd, X-stream Enhanced Xefd Firmware, X-stream Enhanced Xegk and 5 more | 2024-11-21 | 6.1 Medium |
| A vulnerability has been found in multiple revisions of Emerson Rosemount X-STREAM Gas Analyzer. The affected applications do not validate webpage input, which could allow an attacker to inject arbitrary HTML code into a webpage. This would allow an attacker to modify the page and display incorrect or undesirable data. | ||||
| CVE-2021-27452 | 1 Ge | 2 Mu320e, Mu320e Firmware | 2024-11-21 | 7.8 High |
| The software contains a hard-coded password that could allow an attacker to take control of the merging unit using these hard-coded credentials on the MU320E (all firmware versions prior to v04A00.1). | ||||
| CVE-2021-27440 | 1 Ge | 2 Reason Dr60, Reason Dr60 Firmware | 2024-11-21 | 9.8 Critical |
| The software contains a hard-coded password it uses for its own inbound authentication or for outbound communication to external components on the Reason DR60 (all firmware versions prior to 02A04.1). | ||||