Search Results (367102 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-43761 1 Adobe 2 Experience Manager, Experience Manager Cloud Service 2024-11-21 8 High
AEM's Cloud Service offering, as well as versions 6.5.7.0 (and below), 6.4.8.3 (and below) and 6.3.3.8 (and below) are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page containing the vulnerable field.
CVE-2021-43745 1 Trillium Notes Project 1 Trillum Notes 2024-11-21 5.5 Medium
A Denial of Service vulnerabilty exists in Trilium Notes 0.48.6 in the setupPage function
CVE-2021-43742 1 Cmsimple 1 Cmsimple 2024-11-21 5.4 Medium
CMSimple 5.4 is vulnerable to Cross Site Scripting (XSS) via the file upload feature.
CVE-2021-43741 1 Cmsimple 1 Cmsimple 2024-11-21 9.8 Critical
CMSimple 5.4 is vulnerable to Directory Traversal. The vulnerability exists when a user changes the file name to malicious file on config.php leading to remote code execution.
CVE-2021-43738 1 Xiaohuanxiong Cms Project 1 Xiaohuanxiong Cms 2024-11-21 8.8 High
An issue was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can that can add the administrator account.
CVE-2021-43737 1 Xiaohuanxiong Project 1 Xiaohuanxiong Cms 2024-11-21 6.5 Medium
An issus was discovered in xiaohuanxiong CMS 5.0.17. There is a CSRF vulnerability that can modify administrator account's password.
CVE-2021-43736 1 Cmswing 1 Cmswing 2024-11-21 9.8 Critical
CmsWing CMS 1.3.7 is affected by a Remote Code Execution (RCE) vulnerability via parameter: log rule
CVE-2021-43735 1 Cmswing 1 Cmswing 2024-11-21 9.8 Critical
CmsWing 1.3.7 is affected by a SQLi vulnerability via parameter: behavior rule.
CVE-2021-43734 1 Keking 1 Kkfileview 2024-11-21 7.5 High
kkFileview v4.0.0 has arbitrary file read through a directory traversal vulnerability which may lead to sensitive file leak on related host.
CVE-2021-43729 1 Pix-link 2 Lv-wr09, Lv-wr09 Firmware 2024-11-21 5.4 Medium
Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized Security Key parameter.
CVE-2021-43728 1 Pix-link 2 Lv-wr09, Lv-wr09 Firmware 2024-11-21 5.4 Medium
Pix-Link MiNi Router 28K.MiniRouter.20190211 was discovered to contain a stored cross-site scripting (XSS) vulnerability due to an unsanitized SSID parameter.
CVE-2021-43725 1 Spotweb Project 1 Spotweb 2024-11-21 6.1 Medium
There is a Cross Site Scripting (XSS) vulnerability in SpotPage_login.php of Spotweb 1.5.1 and below, which allows remote attackers to inject arbitrary web script or HTML via the data[performredirect] parameter.
CVE-2021-43724 1 Intelliants 1 Subrion Cms 2024-11-21 4.8 Medium
A Cross Site Scripting (XSS) vulnerability exits in Subrion CMS through 4.2.1 in the Create Page functionality of the admin Account via a SGV file.
CVE-2021-43722 1 Dlink 2 Dir-645, Dir-645 Firmware 2024-11-21 9.8 Critical
D-Link DIR-645 1.03 A1 is vulnerable to Buffer Overflow. The hnap_main function in the cgibin handler uses sprintf to format the soapaction header onto the stack and has no limit on the size.
CVE-2021-43721 1 Leanote 1 Leanote 2024-11-21 6.1 Medium
Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload : <video src=x onerror=(function(){require('child_process').exec('calc');})();>
CVE-2021-43712 1 Employee Daily Task Management System Project 1 Employee Daily Task Management System 2024-11-21 5.4 Medium
Stored XSS in Add New Employee Form in Sourcecodester Employee Daily Task Management System 1.0 Allows Remote Attacker to Inject/Store Arbitrary Code via the Name Field.
CVE-2021-43711 1 Totolink 2 Ex200, Ex200 Firmware 2024-11-21 9.8 Critical
The downloadFlile.cgi binary file in TOTOLINK EX200 V4.0.3c.7646_B20201211 has a command injection vulnerability when receiving GET parameters. The parameter name can be constructed for unauthenticated command execution.
CVE-2021-43708 1 Helpsystems 1 Titus Data Classification 2024-11-21 5.5 Medium
The Labeling tool in Titus Classification Suite 18.8.1910.140 allows users to avoid the generation of a classification label by using Excel's safe mode.
CVE-2021-43707 1 Maccms 1 Maccms 2024-11-21 6.1 Medium
Cross Site Scripting (XSS) vulnerability exists in Maccms v10 via link_Name parameter.
CVE-2021-43703 1 Zzcms 1 Zzcms 2024-11-21 9.8 Critical
An Incorrect Access Control vulnerability exists in zzcms less than or equal to 2019 via admin.php. After disabling JavaScript, you can directly access the administrator console.