Search Results (45662 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-26968 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 4.8 Medium |
| A remote authenticated stored cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow an authenticated remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the affected interface. | ||||
| CVE-2021-26967 | 1 Arubanetworks | 1 Airwave | 2024-11-21 | 6.1 Medium |
| A remote reflected cross-site scripting (xss) vulnerability was discovered in Aruba AirWave Management Platform version(s): Prior to 8.2.12.0. A vulnerability in the web-based management interface of AirWave could allow a remote attacker to conduct a reflected cross-site scripting (XSS) attack against a user of certain components of the interface. A successful exploit could allow an attacker to execute arbitrary script code in a victim’s browser in the context of the AirWave management interface. | ||||
| CVE-2021-26947 | 1 Odoo | 1 Odoo | 2024-11-21 | 6.1 Medium |
| Cross-site scripting (XSS) issue in Odoo Community 15.0 and earlier and Odoo Enterprise 15.0 and earlier allows remote attackers to inject arbitrary web script in the browser of a victim via a crafted link. | ||||
| CVE-2021-26938 | 1 Henriquedornas | 1 Henriquedornas | 2024-11-21 | 5.4 Medium |
| A stored XSS issue exists in henriquedornas 5.2.17 via online live chat. NOTE: Third parties report that no such product exists, that henriquedornas is the web design agency, and that 5.2.17 is simply the PHP version running on this host. | ||||
| CVE-2021-26929 | 2 Debian, Horde | 2 Debian Linux, Groupware | 2024-11-21 | 6.1 Medium |
| An XSS issue was discovered in Horde Groupware Webmail Edition through 5.2.22 (where the Horde_Text_Filter library before 2.3.7 is used). The attacker can send a plain text e-mail message, with JavaScript encoded as a link or email that is mishandled by preProcess in Text2html.php, because bespoke use of \x00\x00\x00 and \x01\x01\x01 interferes with XSS defenses. | ||||
| CVE-2021-26925 | 2 Fedoraproject, Roundcube | 2 Fedora, Webmail | 2024-11-21 | 5.4 Medium |
| Roundcube before 1.4.11 allows XSS via crafted Cascading Style Sheets (CSS) token sequences during HTML email rendering. | ||||
| CVE-2021-26924 | 1 Argoproj | 1 Argo Cd | 2024-11-21 | 6.1 Medium |
| An issue was discovered in Argo CD before 1.8.4. Browser XSS protection is not activated due to the missing XSS protection header. | ||||
| CVE-2021-26916 | 1 Nopcommerce | 1 Nopcommerce | 2024-11-21 | 6.1 Medium |
| In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs discountcode parameter. | ||||
| CVE-2021-26903 | 1 Isida | 1 Retriever | 2024-11-21 | 6.1 Medium |
| LMA ISIDA Retriever 5.2 is vulnerable to XSS via query['text']. | ||||
| CVE-2021-26844 | 1 Poweradmin | 1 Pa Server Monitor | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe. | ||||
| CVE-2021-26835 | 1 Zettlr | 1 Zettlr | 2024-11-21 | 6.1 Medium |
| No filtering of cross-site scripting (XSS) payloads in the markdown-editor in Zettlr 1.8.7 allows attackers to perform remote code execution via a crafted file. | ||||
| CVE-2021-26834 | 1 Znote | 1 Znote | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability exists in Znote 0.5.2. An attacker can insert payloads, and the code execution will happen immediately on markdown view mode. | ||||
| CVE-2021-26832 | 1 Priority-software | 1 Priority Enterprise Management System | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in the "Reset Password" page form of Priority Enterprise Management System v8.00 allows attackers to execute javascript on behalf of the victim by sending a malicious URL or directing the victim to a malicious site. | ||||
| CVE-2021-26812 | 1 Jitsi | 1 Meet | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) in the Jitsi Meet 2.7 through 2.8.3 plugin for Moodle via the "sessionpriv.php" module. This allows attackers to craft a malicious URL, which when clicked on by users, can inject javascript code to be run by the application. | ||||
| CVE-2021-26799 | 1 Omeka | 1 Omeka | 2024-11-21 | 6.1 Medium |
| Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML. | ||||
| CVE-2021-26787 | 1 Genesys | 1 Workforce Management | 2024-11-21 | 6.1 Medium |
| A cross site scripting (XSS) vulnerability in Genesys Workforce Management 8.5.214.20 can occur (during record deletion) via the Time-off parameter. | ||||
| CVE-2021-26776 | 1 Cszcms | 1 Csz Cms | 2024-11-21 | 5.4 Medium |
| CSZ CMS 1.2.9 is affected by a cross-site scripting (XSS) vulnerability in multiple pages through the field name. | ||||
| CVE-2021-26746 | 1 Chamilo | 1 Chamilo | 2024-11-21 | 6.1 Medium |
| Chamilo 1.11.14 allows XSS via a main/calendar/agenda_list.php?type= URI. | ||||
| CVE-2021-26723 | 1 Jenzabar | 1 Jenzabar | 2024-11-21 | 6.1 Medium |
| Jenzabar 9.2.x through 9.2.2 allows /ics?tool=search&query= XSS. | ||||
| CVE-2021-26722 | 1 Linkedin | 1 Oncall | 2024-11-21 | 6.1 Medium |
| LinkedIn Oncall through 1.4.0 allows reflected XSS via /query because of mishandling of the "No results found for" message in the search bar. | ||||