CVEs and Security Vulnerabilities

Search

Use the Query Builder to create your own search query, or check out the documentation to learn the search syntax.

Search Examples

CVEs in KEV CVEs with EPSS >= 80% Crit. Microsoft High Apache SQL Injection (CWE-89) Linux Kernel High (CVSS 3.1) Apache Struts RCE (Remote Code Execution) XSS (CWE-79) Critical (CVSS 4.0) CVEs to check

Search Results (43364 CVEs found)

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2021-21801	1 Advantech	1 R-seenet	2024-11-21	6.1 Medium
This vulnerability is present in device_graph_page.php script, which is a part of the Advantech R-SeeNet web applications. A specially crafted URL by an attacker and visited by a victim can lead to arbitrary JavaScript code execution.
CVE-2021-21800	1 Advantech	1 R-seenet	2024-11-21	6.1 Medium
Cross-site scripting vulnerabilities exist in the ssh_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability.
CVE-2021-21799	1 Advantech	1 R-seenet	2024-11-21	6.1 Medium
Cross-site scripting vulnerabilities exist in the telnet_form.php script functionality of Advantech R-SeeNet v 2.4.12 (20.10.2020). If a user visits a specially crafted URL, it can lead to arbitrary JavaScript code execution in the context of the targeted user’s browser. An attacker can provide a crafted URL to trigger this vulnerability.
CVE-2021-21747	1 Zte	2 Mf971r, Mf971r Firmware	2024-11-21	6.1 Medium
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.
CVE-2021-21746	1 Zte	2 Mf971r, Mf971r Firmware	2024-11-21	6.1 Medium
ZTE MF971R product has reflective XSS vulnerability. An attacker could use the vulnerability to obtain cookie information.
CVE-2021-21738	1 Zte	2 Zxiptv, Zxiptv Firmware	2024-11-21	6.1 Medium
ZTE's big video business platform has two reflective cross-site scripting (XSS) vulnerabilities. Due to insufficient input verification, the attacker could implement XSS attacks by tampering with the parameters, to affect the operations of valid users. This affects: <ZXIPTV><ZXIPTV-EAS_PV5.06.04.09>
CVE-2021-21700	1 Jenkins	1 Scriptler	2024-11-21	5.4 Medium
Jenkins Scriptler Plugin 3.3 and earlier does not escape the name of scripts on the UI when asking to confirm their deletion, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by exploitable by attackers able to create Scriptler scripts.
CVE-2021-21699	1 Jenkins	1 Active Choices	2024-11-21	5.4 Medium
Jenkins Active Choices Plugin 2.5.6 and earlier does not escape the parameter name of reactive parameters and dynamic reference parameters, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2021-21684	2 Jenkins, Redhat	2 Git, Openshift	2024-11-21	6.1 Medium
Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scripting (XSS) vulnerability.
CVE-2021-21668	1 Jenkins	1 Scriptler	2024-11-21	5.4 Medium
Jenkins Scriptler Plugin 3.1 and earlier does not escape script content, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
CVE-2021-21667	1 Jenkins	1 Scriptler	2024-11-21	5.4 Medium
Jenkins Scriptler Plugin 3.2 and earlier does not escape parameter names shown in job configuration forms, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Scriptler/Configure permission.
CVE-2021-21666	1 Jenkins	1 Kiuwan	2024-11-21	6.1 Medium
Jenkins Kiuwan Plugin 1.6.0 and earlier does not escape query parameters in an error message for a form validation endpoint, resulting in a reflected cross-site scripting (XSS) vulnerability.
CVE-2021-21660	1 Jenkins	1 Markdown Formatter	2024-11-21	5.4 Medium
Jenkins Markdown Formatter Plugin 0.1.0 and earlier does not sanitize crafted link target URLs, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with the ability to edit any description rendered using the configured markup formatter.
CVE-2021-21649	1 Jenkins	1 Dashboard View	2024-11-21	5.4 Medium
Jenkins Dashboard View Plugin 2.15 and earlier does not escape URLs referenced in Image Dashboard Portlets, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with View/Configure permission.
CVE-2021-21648	2 Jenkins, Redhat	2 Credentials, Openshift	2024-11-21	6.1 Medium
Jenkins Credentials Plugin 2.3.18 and earlier does not escape user-controlled information on a view it provides, resulting in a reflected cross-site scripting (XSS) vulnerability.
CVE-2021-21635	1 Jenkins	1 Rest List Parameter	2024-11-21	5.4 Medium
Jenkins REST List Parameter Plugin 1.3.0 and earlier does not escape a parameter name reference in embedded JavaScript, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2021-21630	1 Jenkins	1 Extra Columns	2024-11-21	5.4 Medium
Jenkins Extra Columns Plugin 1.22 and earlier does not escape parameter values in the build parameters column, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2021-21628	1 Jenkins	1 Build With Parameters	2024-11-21	5.4 Medium
Jenkins Build With Parameters Plugin 1.5 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2021-21622	1 Jenkins	1 Artifact Repository Parameter	2024-11-21	5.4 Medium
Jenkins Artifact Repository Parameter Plugin 1.0.0 and earlier does not escape parameter names and descriptions, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers with Job/Configure permission.
CVE-2021-21619	1 Jenkins	1 Claim	2024-11-21	5.4 Medium
Jenkins Claim Plugin 2.18.1 and earlier does not escape the user display name, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers who are able to control the display names of Jenkins users, either via the security realm, or directly inside Jenkins.

« first previous Page 1713 of 2169. next last »