Export limit exceeded: 363719 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 47159 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (47159 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-3043 1 Paloaltonetworks 1 Prisma Cloud 2024-11-21 7.5 High
A reflected cross-site scripting (XSS) vulnerability exists in the Prisma Cloud Compute web console that enables a remote attacker to execute arbitrary JavaScript code in the browser-based web console while an authenticated administrator is using that web interface. Prisma Cloud Compute SaaS versions were automatically upgraded to the fixed release. No additional action is required for these instances. This issue impacts: Prisma Cloud Compute 20.12 versions earlier than Prisma Cloud Compute 20.12.552; Prisma Cloud Compute 21.04 versions earlier than Prisma Cloud Compute 21.04.439.
CVE-2021-3026 1 Invisioncommunity 1 Ips Community Suite 2024-11-21 6.1 Medium
Invision Community IPS Community Suite before 4.5.4.2 allows XSS during the quoting of a post or comment.
CVE-2021-3014 1 Mikrotik 1 Routeros 2024-11-21 6.1 Medium
In MikroTik RouterOS through 2021-01-04, the hotspot login page is vulnerable to reflected XSS via the target parameter.
CVE-2021-3012 1 Esri 1 Arcgis Enterprise 2024-11-21 5.4 Medium
A cross-site scripting (XSS) vulnerability in the Document Link of documents in ESRI Enterprise before 10.9 allows remote authenticated users to inject arbitrary JavaScript code via a malicious HTML attribute such as onerror (in the URL field of the Parameters tab).
CVE-2021-3010 1 Opentext 1 Content Server 2024-11-21 5.4 Medium
There are multiple persistent cross-site scripting (XSS) vulnerabilities in the web interface of OpenText Content Server Version 20.3. The application allows a remote attacker to introduce arbitrary JavaScript by crafting malicious form values that are later not sanitized.
CVE-2021-3002 1 Seopanel 1 Seo Panel 2024-11-21 6.1 Medium
Seo Panel 4.8.0 allows reflected XSS via the seo/seopanel/login.php?sec=forgot email parameter.
CVE-2021-39946 1 Gitlab 1 Gitlab 2024-11-21 8.7 High
Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis
CVE-2021-39910 1 Gitlab 1 Gitlab 2024-11-21 2.6 Low
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature.
CVE-2021-39906 1 Gitlab 1 Gitlab 2024-11-21 8.7 High
Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf.
CVE-2021-39887 1 Gitlab 1 Gitlab 2024-11-21 7.3 High
A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary JavaScript code on the victim's behalf.
CVE-2021-39885 1 Gitlab 1 Gitlab 2024-11-21 8.7 High
A Stored XSS in merge request creation page in all versions of Gitlab EE starting from 13.7 before 14.1.7, all versions starting from 14.2 before 14.2.5, and all versions starting from 14.3 before 14.3.1 allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names
CVE-2021-39878 1 Gitlab 1 Gitlab 2024-11-21 5.8 Medium
A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary javascript code.
CVE-2021-39615 1 Dlink 2 Dsr-500n, Dsr-500n Firmware 2024-11-21 9.8 Critical
D-Link DSR-500N version 1.02 contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file.If an attacker succeeds in recovering the cleartext password of the identified hash value, he will be able to log in via SSH or Telnet and thus gain access to the underlying embedded Linux operating system on the device. Fixed in version 2.12/2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-39614 1 Dlink 2 Dvx-2000ms, Dvx-2000ms Firmware 2024-11-21 9.8 Critical
D-Link DVX-2000MS contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values.
CVE-2021-39613 1 Dlink 2 Dvg-3104ms, Dvg-3104ms Firmware 2024-11-21 8.8 High
D-Link DVG-3104MS version 1.0.2.0.3, 1.0.2.0.4, and 1.0.2.0.4E contains hard-coded credentials for undocumented user accounts in the '/etc/passwd' file. As weak passwords have been used, the plaintext passwords can be recovered from the hash values. NOTE: This vulnerability only affects products that are no longer supported by the maintainer
CVE-2021-39609 1 Flatcore 1 Flatcore-cms 2024-11-21 5.4 Medium
Cross Site Scripting (XSS) vulnerability exiss in FlatCore-CMS 2.0.7 via the upload image function.
CVE-2021-39599 1 Cxuu 1 Cxuucms 2024-11-21 6.1 Medium
Multiple Cross Site Scripting (XSS) vulnerabilities exists in CXUUCMS 3.1 in the search and c parameters in (1) public/search.php and in the (2) c parameter in admin.php.
CVE-2021-39499 1 Eyoucms 1 Eyoucms 2024-11-21 6.1 Medium
A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.
CVE-2021-39496 1 Eyoucms 1 Eyoucms 2024-11-21 5.4 Medium
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS.
CVE-2021-39491 1 Rengine Project 1 Rengine 2024-11-21 5.4 Medium
A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box . .