Export limit exceeded: 47163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47163 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-40903 | 1 Antminer Monitor Project | 1 Antminer Monitor | 2024-11-21 | 9.8 Critical |
| A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server. Settings file has a predefined secret string, which would be randomly generated, however it is static. | ||||
| CVE-2021-40902 | 1 Flatcore | 1 Flatcore-cms | 2024-11-21 | 5.4 Medium |
| flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page. | ||||
| CVE-2021-40888 | 1 Projectsend | 1 Projectsend | 2024-11-21 | 5.4 Medium |
| Projectsend version r1295 is affected by Cross Site Scripting (XSS) due to lack of sanitization when echo output data in returnFilesIds() function. A low privilege user can call this function through process.php file and execute scripting code. | ||||
| CVE-2021-40882 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 6.1 Medium |
| A Cross Site Scripting (XSS) vulnerability exists in Piwigo 11.5.0 via the system album name and description of the location. | ||||
| CVE-2021-40868 | 1 Cloudron | 1 Cloudron | 2024-11-21 | 6.1 Medium |
| In Cloudron 6.2, the returnTo parameter on the login page is vulnerable to Reflected XSS. | ||||
| CVE-2021-40840 | 1 Liveconfig | 1 Liveconfig | 2024-11-21 | 5.4 Medium |
| A Stored XSS issue exists in the admin/users user administration form in LiveConfig 2.12.2. | ||||
| CVE-2021-40813 | 1 Element-it | 1 Http Commander | 2024-11-21 | 5.4 Medium |
| A cross-site scripting (XSS) vulnerability in the "Zip content" feature in Element-IT HTTP Commander 3.1.9 allows remote authenticated users to inject arbitrary web script or HTML via filenames. | ||||
| CVE-2021-40678 | 1 Piwigo | 1 Piwigo | 2024-11-21 | 5.4 Medium |
| In Piwigo 11.5.0, there exists a persistent cross-site scripting in the single mode function through /admin.php?page=batch_manager&mode=unit. | ||||
| CVE-2021-40658 | 1 Textpattern | 1 Textpattern | 2024-11-21 | 4.8 Medium |
| Textpattern 4.8.7 is affected by a HTML injection vulnerability through “Content>Write>Body”. | ||||
| CVE-2021-40637 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.1 Medium |
| OS4ED openSIS 8.0 is affected by cross-site scripting (XSS) in EmailCheckOthers.php. An attacker can inject JavaScript code to get the user's cookie and take over the working session of user. | ||||
| CVE-2021-40610 | 1 Emlog Pro Project | 1 Emlog Pro | 2024-11-21 | 5.4 Medium |
| Emlog Pro v 1.0.4 cross-site scripting (XSS) in Emlog Pro background management. | ||||
| CVE-2021-40597 | 1 Edimax | 2 Ic-3140w, Ic-3140w Firmware | 2024-11-21 | 9.8 Critical |
| The firmware of EDIMAX IC-3140W Version 3.11 is hardcoded with Administrator username and password. | ||||
| CVE-2021-40577 | 1 Online Enrollment Management System Project | 1 Online Enrollment Management System | 2024-11-21 | 5.4 Medium |
| A Stored Cross Site Scripting (XSS) vulnerability exists in Sourcecodester Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 in the Add-Users page via the Name parameter. | ||||
| CVE-2021-40542 | 1 Os4ed | 1 Opensis | 2024-11-21 | 6.1 Medium |
| Opensis-Classic Version 8.0 is affected by cross-site scripting (XSS). An unauthenticated user can inject and execute JavaScript code through the link_url parameter in Ajax_url_encode.php. | ||||
| CVE-2021-40541 | 1 Php-fusion | 1 Phpfusion | 2024-11-21 | 6.1 Medium |
| PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function An authenticated user can trigger XSS by appending "//" in the end of text. | ||||
| CVE-2021-40519 | 1 Airangel | 10 Hsmx-app-100, Hsmx-app-1000, Hsmx-app-1000 Firmware and 7 more | 2024-11-21 | 10.0 Critical |
| Airangel HSMX Gateway devices through 5.2.04 have Hard-coded Database Credentials. | ||||
| CVE-2021-40517 | 1 Airangel | 10 Hsmx-app-100, Hsmx-app-1000, Hsmx-app-1000 Firmware and 7 more | 2024-11-21 | 5.4 Medium |
| Airangel HSMX Gateway devices through 5.2.04 is vulnerable to stored Cross Site Scripting. XSS Payload is placed in the name column of the updates table using database access. | ||||
| CVE-2021-40509 | 1 Jforum | 1 Jforum | 2024-11-21 | 5.4 Medium |
| ViewCommon.java in JForum2 2.7.0 allows XSS via a user signature. | ||||
| CVE-2021-40494 | 1 Adaptivescale | 1 Lxdui | 2024-11-21 | 9.8 Critical |
| A Hardcoded JWT Secret Key in metadata.py in AdaptiveScale LXDUI through 2.1.3 allows attackers to gain admin access to the host system. | ||||
| CVE-2021-40492 | 1 Gibbonedu | 1 Gibbon | 2024-11-21 | 6.1 Medium |
| A reflected XSS vulnerability exists in multiple pages in version 22 of the Gibbon application that allows for arbitrary execution of JavaScript (gibbonCourseClassID, gibbonPersonID, subpage, currentDate, or allStudents to index.php). | ||||