Export limit exceeded: 46995 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (46995 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2021-3863 | 1 Snipeitapp | 1 Snipe-it | 2024-11-21 | 6.1 Medium |
| snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3862 | 1 Icecoder | 1 Icecoder | 2024-11-21 | 4.8 Medium |
| icecoder is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3857 | 1 Chaskiq | 1 Chaskiq | 2024-11-21 | 5.4 Medium |
| chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3853 | 1 Chaskiq | 1 Chaskiq | 2024-11-21 | 6.1 Medium |
| chaskiq is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3834 | 1 Artica | 1 Integria Ims | 2024-11-21 | 5.4 Medium |
| Integria IMS in its 5.0.92 version does not filter correctly some fields related to the login.php file. An attacker could exploit this vulnerability in order to perform a cross-site scripting attack (XSS). | ||||
| CVE-2021-3831 | 1 Gnuboard | 1 Gnuboard5 | 2024-11-21 | 6.1 Medium |
| gnuboard5 is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3830 | 1 Btcpayserver | 1 Btcpay Server | 2024-11-21 | 5.4 Medium |
| btcpayserver is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3824 | 1 Openvpn | 1 Openvpn Access Server | 2024-11-21 | 6.1 Medium |
| OpenVPN Access Server 2.9.0 through 2.9.4 allow remote attackers to inject arbitrary web script or HTML via the web login page URL. | ||||
| CVE-2021-3816 | 1 Cacti | 1 Cacti | 2024-11-21 | 5.4 Medium |
| Cacti 1.1.38 allows authenticated users with User Management permissions to inject arbitrary HTML in the group_prefix field during the creation of a new group via "Copy" method at user_group_admin.php. | ||||
| CVE-2021-3812 | 1 Pi-hole | 1 Web Interface | 2024-11-21 | 6.1 Medium |
| adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3811 | 1 Pi-hole | 1 Web Interface | 2024-11-21 | 6.1 Medium |
| adminlte is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3785 | 1 Yourls | 1 Yourls | 2024-11-21 | 5.4 Medium |
| yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3783 | 1 Yourls | 1 Yourls | 2024-11-21 | 6.1 Medium |
| yourls is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3780 | 1 Framasoft | 1 Peertube | 2024-11-21 | 6.1 Medium |
| peertube is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3768 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 5.4 Medium |
| bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3767 | 1 Bookstackapp | 1 Bookstack | 2024-11-21 | 5.4 Medium |
| bookstack is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | ||||
| CVE-2021-3694 | 2 Debian, Ledgersmb | 2 Debian Linux, Ledgersmb | 2024-11-21 | 8.2 High |
| LedgerSMB does not sufficiently HTML-encode error messages sent to the browser. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | ||||
| CVE-2021-3693 | 2 Debian, Ledgersmb | 2 Debian Linux, Ledgersmb | 2024-11-21 | 8.8 High |
| LedgerSMB does not check the origin of HTML fragments merged into the browser's DOM. By sending a specially crafted URL to an authenticated user, this flaw can be abused for remote code execution and information disclosure. | ||||
| CVE-2021-3672 | 6 C-ares Project, Fedoraproject, Nodejs and 3 more | 19 C-ares, Fedora, Node.js and 16 more | 2024-11-21 | 5.6 Medium |
| A flaw was found in c-ares library, where a missing input validation check of host names returned by DNS (Domain Name Servers) can lead to output of wrong hostnames which might potentially lead to Domain Hijacking. The highest threat from this vulnerability is to confidentiality and integrity as well as system availability. | ||||
| CVE-2021-3662 | 1 Hp | 2 Futuresmart 4, Futuresmart 5 | 2024-11-21 | 5.4 Medium |
| Certain HP Enterprise LaserJet and PageWide MFPs may be vulnerable to stored cross site scripting (XSS). | ||||