Search Results (363288 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-39499 1 Eyoucms 1 Eyoucms 2024-11-21 6.1 Medium
A Cross-site scripting (XSS) vulnerability in Users in Qiong ICP EyouCMS 1.5.4 allows remote attackers to inject arbitrary web script or HTML via the `title` parameter in bind_email function.
CVE-2021-39497 1 Eyoucms 1 Eyoucms 2024-11-21 9.8 Critical
eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject a url to trigger blind SSRF via the saveRemote() function.
CVE-2021-39496 1 Eyoucms 1 Eyoucms 2024-11-21 5.4 Medium
Eyoucms 1.5.4 lacks sanitization of input data, allowing an attacker to inject malicious code into `filename` param to trigger Reflected XSS.
CVE-2021-39491 1 Rengine Project 1 Rengine 2024-11-21 5.4 Medium
A Cross Site Scripting (XSS) vulnerability exists in Yogesh Ojha reNgine v1.0 via the Scan Engine name file in the Scan Engine deletion confirmation modal box . .
CVE-2021-39486 1 Gilacms 1 Gila Cms 2024-11-21 5.4 Medium
A Stored XSS via Malicious File Upload exists in Gila CMS version 2.2.0. An attacker can use this to steal cookies, passwords or to run arbitrary code on a victim's browser.
CVE-2021-39480 1 Bingrep Project 1 Bingrep 2024-11-21 7.5 High
Bingrep v0.8.5 was discovered to contain a memory allocation failure which can cause a Denial of Service (DoS).
CVE-2021-39474 1 Ubeeinteractive 2 Ubc1319, Ubc1319 Firmware 2024-11-21 7.2 High
Vulnerability in the product Docsis 3.0 UBC1319BA00 Router supported affected version 1319010201r009. The vulnerability allows an attacker with privileges and network access through the ping.cmd component to execute commands on the device.
CVE-2021-39459 1 Redaxo 1 Redaxo 2024-11-21 7.2 High
Remote code execution in the modules component in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user to execute code on the hosting system via a module containing malicious PHP code.
CVE-2021-39458 1 Redaxo 1 Redaxo 2024-11-21 6.5 Medium
Triggering an error page of the import process in Yakamara Media Redaxo CMS version 5.12.1 allows an authenticated CMS user has to alternate the files of a vaild file backup. This leads of leaking the database credentials in the environment variables.
CVE-2021-39433 1 Biqs 1 Biqsdrive 2024-11-21 7.5 High
A local file inclusion (LFI) vulnerability exists in version BIQS IT Biqs-drive v1.83 and below when sending a specific payload as the file parameter to download/index.php. This allows the attacker to read arbitrary files from the server with the permissions of the configured web-user.
CVE-2021-39425 1 Seeddms 1 Seeddms 2024-11-21 6.1 Medium
SeedDMS v6.0.15 was discovered to contain an open redirect vulnerability. An attacker may exploit this vulnerability to redirect users to arbitrary web URLs by tricking the victim users to click on crafted links.
CVE-2021-39421 1 Seeddms 1 Seeddms 2024-11-21 6.1 Medium
A cross-site scripting (XSS) vulnerability in SeedDMS v6.0.15 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2021-39420 1 Vfront 1 Vfront 2024-11-21 6.1 Medium
Multiple Cross Site Scripting (XSS) vulnerabilities exist in VFront 0.99.5 via the (1) s parameter in search_all.php and the (2) msg parameter in add.attach.php.
CVE-2021-39416 1 Remoteclinic 1 Remote Clinic 2024-11-21 6.1 Medium
Multiple Cross Site Scripting (XSS) vulnerabilities exists in Remote Clinic v2.0 in (1) patients/register-patient.php via the (a) Contact, (b) Email, (c) Weight, (d) Profession, (e) ref_contact, (f) address, (g) gender, (h) age, and (i) serial parameters; in (2) patients/edit-patient.php via the (a) Contact, (b) Email, (c) Weight, Profession, (d) ref_contact, (e) address, (f) serial, (g) age, and (h) gender parameters; in (3) staff/edit-my-profile.php via the (a) Title, (b) First Name, (c) Last Name, (d) Skype, and (e) Address parameters; and in (4) clinics/settings.php via the (a) portal_name, (b) guardian_short_name, (c) guardian_name, (d) opening_time, (e) closing_time, (f) access_level_5, (g) access_level_4, (h) access_level_ 3, (i) access_level_2, (j) access_level_1, (k) currency, (l) mobile_number, (m) address, (n) patient_contact, (o) patient_address, and (p) patient_email parameters.
CVE-2021-39413 1 Seopanel 1 Seo Panel 2024-11-21 6.1 Medium
Multiple Cross Site Scripting (XSS) vulnerabilities exits in SEO Panel v4.8.0 via the (1) to_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, and (j) reports.php; the (2) from_time parameter in (a) backlinks.php, (b) analytics.php, (c) log.php, (d) overview.php, (e) pagespeed.php, (f) rank.php, (g) review.php, (h) saturationchecker.php, (i) social_media.php, (j) webmaster-tools.php, and (k) reports.php; the (3) order_col parameter in (a) analytics.php, (b) review.php, (c) social_media.php, and (d) webmaster-tools.php; and the (4) pageno parameter in (a) alerts.php, (b) log.php, (c) keywords.php, (d) proxy.php, (e) searchengine.php, and (f) siteauditor.php.
CVE-2021-39412 1 Shopping Portal Project 1 Shopping Portal 2024-11-21 6.1 Medium
Multiple Cross Site Scripting (XSS) vulnerabilities exists in PHPGurukul Shopping v3.1 via the (1) callback parameter in (a) server_side/scripts/id_jsonp.php, (b) server_side/scripts/jsonp.php, and (c) scripts/objects_jsonp.php, the (2) value parameter in examples_support/editable_ajax.php, and the (3) PHP_SELF parameter in captcha/index.php.
CVE-2021-39411 1 Phpgurukul 1 Hospital Management System 2024-11-21 6.1 Medium
Multiple Cross Site Scripting (XSS) vulnerabilities exist in PHPGurukul Hospital Management System 4.0 via the (1) searchdata parameter in (a) doctor/search.php and (b) admin/patient-search.php, and the (2) fromdate and (3) todate parameters in admin/betweendates-detailsreports.php.
CVE-2021-39409 1 Online Student Rate System Project 1 Online Student Rate System 2024-11-21 9.8 Critical
A vulnerability exists in Online Student Rate System v1.0 that allows any user to register as an administrator without needing to be authenticated.
CVE-2021-39408 1 Online Student Rate System Project 1 Online Student Rate System 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability exists in Online Student Rate System 1.0 via the page parameter on the index.php file
CVE-2021-39404 1 Maianaffiliate 1 Maianaffiliate 2024-11-21 4.8 Medium
MaianAffiliate v1.0 allows an authenticated administrative user to save an XSS to the database.