Search Results (366603 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2021-40928 1 Glimmrtv 1 Flextv 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF parameter.
CVE-2021-40927 1 Alfred-spotify-mini-player 1 Alfred Spotify Mini Player 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter.
CVE-2021-40926 1 Getid3 1 Getid3 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter.
CVE-2021-40925 1 Faveohelpdesk 1 Faveo 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $_SERVER["PHP_SELF"] parameter.
CVE-2021-40924 1 Pixeline 1 Bugs 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the first_name parameter.
CVE-2021-40923 1 Pixeline 1 Bugs 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the email parameter.
CVE-2021-40922 1 Pixeline 1 Bugs 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the last_name parameter.
CVE-2021-40921 1 Detector Project 1 Detector 2024-11-21 6.1 Medium
Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below version allows remote attackers to inject arbitrary web script or HTML via the cid parameter.
CVE-2021-40910 1 Phpcms 1 Phpcms 2024-11-21 6.1 Medium
There is a reflective cross-site scripting (XSS) vulnerability in the PHPCMS V9.6.3 management side.
CVE-2021-40909 1 Php Crud Without Refresh\/reload Using Ajax And Datatables Tutorial Project 1 Php Crud Without Refresh\/reload Using Ajax And Datatables Tutorial 2024-11-21 9.6 Critical
Cross site scripting (XSS) vulnerability in sourcecodester PHP CRUD without Refresh/Reload using Ajax and DataTables Tutorial v1 by oretnom23, allows remote attackers to execute arbitrary code via the first_name, last_name, and email parameters to /ajax_crud.
CVE-2021-40908 1 Purchase Order Management System Project 1 Purchase Order Management System 2024-11-21 9.8 Critical
SQL injection vulnerability in Login.php in Sourcecodester Purchase Order Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter.
CVE-2021-40907 1 Storage Unit Rental Management System Project 1 Storage Unit Rental Management System 2024-11-21 9.8 Critical
SQL injection vulnerability in Sourcecodester Storage Unit Rental Management System v1 by oretnom23, allows attackers to execute arbitrary SQL commands via the username parameter to /storage/classes/Login.php.
CVE-2021-40906 2 Checkmk, Tribe29 2 Checkmk, Checkmk 2024-11-21 6.1 Medium
CheckMK Raw Edition software (versions 1.5.0 to 1.6.0) does not sanitise the input of a web service parameter that is in an unauthenticated zone. This Reflected XSS allows an attacker to open a backdoor on the device with HTML content and interpreted by the browser (such as JavaScript or other client-side scripts) or to steal the session cookies of a user who has previously authenticated via a man in the middle. Successful exploitation requires access to the web service resource without authentication.
CVE-2021-40904 1 Checkmk 1 Checkmk 2024-11-21 8.8 High
The web management console of CheckMK Raw Edition (versions 1.5.0 to 1.6.0) allows a misconfiguration of the web-app Dokuwiki (installed by default), which allows embedded php code. As a result, remote code execution is achieved. Successful exploitation requires access to the web management interface, either with valid credentials or with a hijacked session by a user with the role of administrator.
CVE-2021-40903 1 Antminer Monitor Project 1 Antminer Monitor 2024-11-21 9.8 Critical
A vulnerability in Antminer Monitor 0.50.0 exists because of backdoor or misconfiguration inside a settings file in flask server. Settings file has a predefined secret string, which would be randomly generated, however it is static.
CVE-2021-40902 1 Flatcore 1 Flatcore-cms 2024-11-21 5.4 Medium
flatCore-CMS version 2.0.8 is affected by Cross Site Scripting (XSS) in the "Create New Page" option through the index page.
CVE-2021-40901 1 Scniro-validator Project 1 Scniro-validator 2024-11-21 7.5 High
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scniro-validator v1.0.1 when validating crafted invalid emails.
CVE-2021-40900 1 Regexfn Project 1 Regexfn 2024-11-21 7.5 High
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in regexfn v1.0.5 when validating crafted invalid emails.
CVE-2021-40899 1 Repo-git-downloader Project 1 Repo-git-downloader 2024-11-21 7.5 High
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in repo-git-downloader v0.1.1 when downloading crafted invalid git repositories.
CVE-2021-40898 1 Scaffold-helper Project 1 Scaffold-helper 2024-11-21 7.5 High
A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in scaffold-helper v1.2.0 when copying crafted invalid files.