Export limit exceeded: 47176 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47176 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-43324 1 Librenms 1 Librenms 2024-11-21 6.1 Medium
LibreNMS through 21.10.2 allows XSS via a widget title.
CVE-2021-43295 1 Zohocorp 1 Manageengine Supportcenter Plus 2024-11-21 6.1 Medium
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Accounts module.
CVE-2021-43294 1 Zohocorp 1 Manageengine Supportcenter Plus 2024-11-21 6.1 Medium
Zoho ManageEngine SupportCenter Plus before 11016 is vulnerable to Reflected XSS in the Products module.
CVE-2021-43288 1 Thoughtworks 1 Gocd 2024-11-21 5.4 Medium
An issue was discovered in ThoughtWorks GoCD before 21.3.0. An attacker in control of a GoCD Agent can plant malicious JavaScript into a failed Job Report.
CVE-2021-43284 1 Govicture 2 Wr1200, Wr1200 Firmware 2024-11-21 7.8 High
An issue was discovered on Victure WR1200 devices through 1.0.3. The root SSH password never gets updated from its default value of admin. This enables an attacker to gain control of the device through SSH (regardless of whether the admin password was changed on the web interface).
CVE-2021-43282 1 Govicture 2 Wr1200, Wr1200 Firmware 2024-11-21 6.5 Medium
An issue was discovered on Victure WR1200 devices through 1.0.3. The default Wi-Fi WPA2 key is advertised to anyone within Wi-Fi range through the router's MAC address. The device default Wi-Fi password corresponds to the last 4 bytes of the MAC address of its 2.4 GHz network interface controller (NIC). An attacker within scanning range of the Wi-Fi network can thus scan for Wi-Fi networks to obtain the default key.
CVE-2021-43265 1 Mahara 1 Mahara 2024-11-21 5.4 Medium
In Mahara before 20.04.5, 20.10.3, 21.04.2, and 21.10.0, certain tag syntax could be used for XSS, such as via a SCRIPT element.
CVE-2021-43198 1 Jetbrains 1 Teamcity 2024-11-21 5.4 Medium
In JetBrains TeamCity before 2021.1.2, stored XSS is possible.
CVE-2021-43197 1 Jetbrains 1 Teamcity 2024-11-21 6.1 Medium
In JetBrains TeamCity before 2021.1.2, email notifications could include unescaped HTML for XSS.
CVE-2021-43186 1 Jetbrains 1 Youtrack 2024-11-21 5.4 Medium
JetBrains YouTrack before 2021.3.24402 is vulnerable to stored XSS.
CVE-2021-43184 1 Jetbrains 1 Youtrack 2024-11-21 5.4 Medium
In JetBrains YouTrack before 2021.3.21051, stored XSS is possible.
CVE-2021-43181 1 Jetbrains 1 Hub 2024-11-21 6.1 Medium
In JetBrains Hub before 2021.1.13690, stored XSS is possible.
CVE-2021-43154 1 Cmsmadesimple 1 Cms Made Simple 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability exists in CMS Made Simple 2.2.15 via the Name field in an Add Category action in moduleinterface.php.
CVE-2021-43137 1 Phpgurukul 1 Hostel Management System 2024-11-21 8.8 High
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) vulnerability exits in hostel management system 2.1 via the name field in my-profile.php. Chaining to this both vulnerabilities leads to account takeover.
CVE-2021-43136 1 Formalms 1 Formalms 2024-11-21 9.8 Critical
An authentication bypass issue in FormaLMS <= 2.4.4 allows an attacker to bypass the authentication mechanism and obtain a valid access to the platform.
CVE-2021-43081 1 Fortinet 2 Fortios, Fortiproxy 2024-11-21 6.1 Medium
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.0.3 and below, 6.4.8 and below, 6.2.10 and below, 6.0.14 to 6.0.0. and in FortiProxy version 7.0.1 and below, 2.0.7 to 2.0.0 web filter override form may allow an unauthenticated attacker to perform an XSS attack via crafted HTTP GET requests.
CVE-2021-43080 1 Fortinet 1 Fortios 2024-11-21 4.6 Medium
An improper neutralization of input during web page generation vulnerability [CWE-79] in FortiOS version 7.2.0, version 6.4.0 through 6.4.9, version 7.0.0 through 7.0.5 may allow an authenticated attacker to perform a stored cross site scripting (XSS) attack through the URI parameter via the Threat Feed IP address section of the Security Fabric External connectors.
CVE-2021-43063 1 Fortinet 1 Fortiweb 2024-11-21 6.1 Medium
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the login webpage.
CVE-2021-43062 1 Fortinet 1 Fortimail 2024-11-21 6.1 Medium
A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiMail version 7.0.1 and 7.0.0, version 6.4.5 and below, version 6.3.7 and below, version 6.0.11 and below allows attacker to execute unauthorized code or commands via crafted HTTP GET requests to the FortiGuard URI protection service.
CVE-2021-43052 1 Tibco 1 Ftl 2024-11-21 9.3 Critical
The Realm Server component of TIBCO Software Inc.'s TIBCO FTL - Community Edition, TIBCO FTL - Developer Edition, and TIBCO FTL - Enterprise Edition contains an easily exploitable vulnerability that allows authentication bypass due to a hard coded secret used in the default realm server of the affected system. Affected releases are TIBCO Software Inc.'s TIBCO FTL - Community Edition: versions 6.7.2 and below, TIBCO FTL - Developer Edition: versions 6.7.2 and below, and TIBCO FTL - Enterprise Edition: versions 6.7.2 and below.