Export limit exceeded: 47163 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (47163 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3866 | 1 Zulip | 1 Zulip | 2024-11-21 | 5.4 Medium |
| Cross-site Scripting (XSS) - Stored in GitHub repository zulip/zulip more than and including 44f935695d452cc3fb16845a0c6af710438b153d and prior to 3eb2791c3e9695f7d37ffe84e0c2184fae665cb6. | ||||
| CVE-2021-3863 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 6.1 Medium |
| snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3862 | 1 Icecoder | 1 Icecoder | 2024-11-21 | 4.8 Medium |
| icecoder is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3857 | 1 Chaskiq | 1 Chaskiq | 2024-11-21 | 5.4 Medium |
| chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3853 | 1 Chaskiq | 1 Chaskiq | 2024-11-21 | 6.1 Medium |
| chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3834 | 1 Artica | 1 Integria Ims | 2024-11-21 | 5.4 Medium |
| Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS). | ||||
| CVE-2021-3831 | 1 Gnuboard | 1 Gnuboard5 | 2024-11-21 | 6.1 Medium |
| gnuboard5 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3830 | 1 Btcpayserver | 1 Btcpay Server | 2024-11-21 | 5.4 Medium |
| btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3824 | 1 Openvpn | 1 Openvpn Access Server | 2024-11-21 | 6.1 Medium |
| OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL. | ||||
| CVE-2021-3816 | 1 Cacti | 1 Cacti | 2024-11-21 | 5.4 Medium |
| Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php. | ||||
| CVE-2021-3812 | 1 Pi-hole | 1 Web Interface | 2024-11-21 | 6.1 Medium |
| adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3811 | 1 Pi-hole | 1 Web Interface | 2024-11-21 | 6.1 Medium |
| adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3785 | 1 Yourls | 1 Yourls | 2024-11-21 | 5.4 Medium |
| yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3783 | 1 Yourls | 1 Yourls | 2024-11-21 | 6.1 Medium |
| yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3780 | 1 Framasoft | 1 Peertube | 2024-11-21 | 6.1 Medium |
| peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3768 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 5.4 Medium |
| bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3767 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 5.4 Medium |
| bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3694 | 2 Debian, Ledgersmb | 2 Debian Linux, Ledgersmb | 2024-11-21 | 8.2 High |
| LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | ||||
| CVE-2021-3693 | 2 Debian, Ledgersmb | 2 Debian Linux, Ledgersmb | 2024-11-21 | 8.8 High |
| LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | ||||
| CVE-2021-3672 | 6 C-ares Project, Fedoraproject, Nodejs and 3 more | 19 C-ares, Fedora, Node.js and 16 more | 2024-11-21 | 5.6 Medium |
| A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability. | ||||