Search Results (366574 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-30113 1 Web-school 1 Enterprise Resource Planning 2024-11-21 6.1 Medium
A blind XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in event name and description fields. An attacker can inject a JavaScript code that will be stored in the page. If any visitor sees the event, then the payload will be executed and sends the victim's information to the attacker website.
CVE-2021-30112 1 Web-school 1 Enterprise Resource Planning 2024-11-21 6.5 Medium
Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege.
CVE-2021-30111 1 Web-school 1 Enterprise Resource Planning 2024-11-21 5.4 Medium
A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed.
CVE-2021-30110 1 Greyware 1 Domain Time Ii 2024-11-21 7.5 High
dttray.exe in Greyware Automation Products Inc Domain Time II before 5.2.b.20210331 allows remote attackers to execute arbitrary code via a URL to a malicious update in a spoofed response to the UDP query used to check for updates.
CVE-2021-30109 1 Froala 1 Froala Editor 2024-11-21 6.1 Medium
Froala Editor 3.2.6 is affected by Cross Site Scripting (XSS). Under certain conditions, a base64 crafted string leads to persistent Cross-site scripting (XSS) vulnerability within the hyperlink creation module.
CVE-2021-30108 1 Feehi 1 Feehi Cms 2024-11-21 9.1 Critical
Feehi CMS 2.1.1 is affected by a Server-side request forgery (SSRF) vulnerability. When the user modifies the HTTP Referer header to any url, the server can make a request to it.
CVE-2021-30086 1 Kindsoft 1 Kindeditor 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability exists in KindEditor (Chinese versions) 4.1.12, which can be exploited by an attacker to obtain user cookie information.
CVE-2021-30083 1 Webfairy 1 Mediat 2024-11-21 6.1 Medium
An issue was discovered in Mediat 1.4.1. There is a Reflected XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML without authentication via the 'return' parameter in login.php.
CVE-2021-30082 1 Gris Cms Project 1 Gris Cms 2024-11-21 6.1 Medium
An issue was discovered in Gris CMS v0.1. There is a Persistent XSS vulnerability which allows remote attackers to inject arbitrary web script or HTML via admin/dashboard.
CVE-2021-30081 1 Emlog 1 Emlog 2024-11-21 8.8 High
An issue was discovered in emlog 6.0.0stable. There is a SQL Injection vulnerability that can execute any SQL statement and query server sensitive data via admin/navbar.php?action=add_page.
CVE-2021-30080 1 Beego 1 Beego 2024-11-21 9.8 Critical
An issue was discovered in the route lookup process in beego before 1.12.11 that allows attackers to bypass access control.
CVE-2021-30074 1 Docsifyjs 1 Docsify 2024-11-21 6.1 Medium
docsify 4.12.1 is affected by Cross Site Scripting (XSS) because the search component does not appropriately encode Code Blocks and mishandles the " character.
CVE-2021-30072 1 Dlink 2 Dir-878, Dir-878 Firmware 2024-11-21 9.8 Critical
An issue was discovered in prog.cgi on D-Link DIR-878 1.30B08 devices. Because strcat is misused, there is a stack-based buffer overflow that does not require authentication.
CVE-2021-30071 1 Hestiacp 1 Control Panel 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2021-30070 1 Hestiacp 1 Hestiacp 2024-11-21 7.5 High
An issue was discovered in HestiaCP before v1.3.5. Attackers are able to arbitrarily install packages due to values taken from the pgk [] parameter in the update request being transmitted to the operating system's package manager.
CVE-2021-30066 2 Belden, Schneider-electric 26 Eagle 20 Tofino 943 987-501-tx\/tx, Eagle 20 Tofino 943 987-501-tx\/tx Firmware, Eagle 20 Tofino 943 987-502 -tx\/mm and 23 more 2024-11-21 6.8 Medium
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an arbitrary firmware image can be loaded because firmware signature verification (for a USB stick) can be bypassed. NOTE: this issue exists because of an incomplete fix of CVE-2017-11400.
CVE-2021-30065 2 Belden, Schneider-electric 26 Eagle 20 Tofino 943 987-501-tx\/tx, Eagle 20 Tofino 943 987-501-tx\/tx Firmware, Eagle 20 Tofino 943 987-502 -tx\/mm and 23 more 2024-11-21 7.5 High
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, crafted ModBus packets can bypass the ModBus enforcer. NOTE: this issue exists because of an incomplete fix of CVE-2017-11401.
CVE-2021-30064 2 Belden, Schneider-electric 26 Eagle 20 Tofino 943 987-501-tx\/tx, Eagle 20 Tofino 943 987-501-tx\/tx Firmware, Eagle 20 Tofino 943 987-502 -tx\/mm and 23 more 2024-11-21 9.8 Critical
On Schneider Electric ConneXium Tofino Firewall TCSEFEA23F3F22 before 03.23, TCSEFEA23F3F20/21, and Belden Tofino Xenon Security Appliance, an SSH login can succeed with hardcoded default credentials (if the device is in the uncommissioned state).
CVE-2021-30063 2 Belden, Schneider-electric 22 Eagle 20 Tofino 943 987-501-tx\/tx, Eagle 20 Tofino 943 987-501-tx\/tx Firmware, Eagle 20 Tofino 943 987-502 -tx\/mm and 19 more 2024-11-21 7.5 High
On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can cause an OPC enforcer denial of service.
CVE-2021-30062 2 Belden, Schneider-electric 22 Eagle 20 Tofino 943 987-501-tx\/tx, Eagle 20 Tofino 943 987-501-tx\/tx Firmware, Eagle 20 Tofino 943 987-502 -tx\/mm and 19 more 2024-11-21 7.5 High
On Schneider Electric ConneXium Tofino OPCLSM TCSEFM0000 before 03.23 and Belden Tofino Xenon Security Appliance, crafted OPC packets can bypass the OPC enforcer.