Lucene search
K

15795 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.7 views

CVE-2021-42043

An issue was discovered in Special:MediaSearch in the MediaSearch extension in MediaWiki through 1.36.2. The suggestion text a parameter to mediasearch-did-you-mean was not being properly sanitized and allowed for the injection and execution of HTML and JavaScript via the intitle: search operator...

6.1CVSS7AI score0.00726EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 9:5 p.m.10 views

CVE-2021-24884

The Formidable Form Builder WordPress plugin before 4.09.05 allows to inject certain HTML Tags like ,,, and.This could allow an unauthenticated, remote attacker to exploit a HTML-injection byinjecting a malicous link. The HTML-injection may trick authenticated users to follow the link. If the Lin...

9.6CVSS7.6AI score0.03084EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:4 p.m.8 views

CVE-2021-42564

An open redirect through HTML injection in confidential messages in Cryptshare before 5.1.0 allows remote attackers with permission to provide confidential messages via Cryptshare to redirect targeted victims to any URL via the 'meta http-equiv="refresh"' substring in the editor parameter...

5.4CVSS7.1AI score0.00665EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 8:59 p.m.4 views

CVE-2021-20680

Cross-site scripting vulnerability in NEC Aterm devices Aterm WG1900HP2 firmware Ver.1.3.1 and earlier, Aterm WG1900HP firmware Ver.2.5.1 and earlier, Aterm WG1800HP4 firmware Ver.1.3.1 and earlier, Aterm WG1800HP3 firmware Ver.1.5.1 and earlier, Aterm WG1200HS2 firmware Ver.2.5.0 and earlier,...

6.1CVSS6.4AI score0.00796EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:53 p.m.6 views

CVE-2021-37386

Furukawa Electric LatAm 423-41W/AC before v1.1.4 and LD421-21W before v1.3.3 were discovered to contain an HTML injection vulnerability via the serial number update function...

7.5CVSS7.1AI score0.00456EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:40 p.m.6 views

CVE-2021-26844

A cross-site scripting XSS vulnerability in Power Admin PA Server Monitor 8.2.1.1 allows remote attackers to inject arbitrary web script or HTML via Console.exe...

5.4CVSS6.2AI score0.00669EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:8 p.m.4 views

CVE-2021-38265

Cross-site scripting XSS vulnerability in the Asset module in Liferay Portal 7.3.4 through 7.3.6 allow remote attackers to inject arbitrary web script or HTML when creating a collection page via the comliferayassetlistwebportletAssetListPortlettitle parameter...

5.4CVSS5.8AI score0.00565EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 8:6 p.m.7 views

CVE-2021-37541

In JetBrains Hub before 2021.1.13402, HTML injection in the password reset email was possible...

6.1CVSS7.2AI score0.0055EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:53 p.m.4 views

CVE-2021-35463

Cross-site scripting XSS vulnerability in the Frontend Taglib module in Liferay Portal 7.4.0 allows remote attackers to inject arbitrary web script or HTML into the management toolbar search via the keywords parameter...

6.1CVSS5.8AI score0.0075EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:48 p.m.6 views

CVE-2021-3340

A cross-site scripting XSS vulnerability in many forms of Wikindx before 5.7.0 and 6.x through 6.4.0 allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php?action=initLogon or modules/admin/DELETEIMAGES.php...

6.1CVSS5.7AI score0.00792EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:46 p.m.5 views

CVE-2021-3279

sz.chat version 4 allows injection of web scripts and HTML in the message box...

6.1CVSS7.1AI score0.00839EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:43 p.m.5 views

CVE-2021-31834

Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator ePO prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized...

5.4CVSS5.9AI score0.00441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:28 p.m.6 views

CVE-2021-26799

Cross Site Scripting XSS vulnerability in admin/files/edit in Omeka Classic =2.7 allows remote attackers to inject arbitrary web script or HTML...

6.1CVSS6AI score0.01042EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:22 p.m.5 views

CVE-2021-24590

The Cookie Notice & Consent Banner for GDPR & CCPA Compliance WordPress plugin before 1.7.2 does not properly sanitize inputs to prevent injection of arbitrary HTML within the plugin's design customization options...

5.4CVSS7AI score0.00624EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:19 p.m.6 views

CVE-2021-23899

OWASP json-sanitizer before 1.2.2 may emit closing SCRIPT tags and CDATA section delimiters for crafted input. This allows an attacker to inject arbitrary HTML or XML into embedding documents...

9.8CVSS6.8AI score0.02068EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:10 p.m.9 views

CVE-2021-21398

PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.7.3, an attacker can inject HTML when the Grid Column Type DataColumn is badly used. The problem is fixed in 1.7.7.3...

5.4CVSS6.6AI score0.00701EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:8 p.m.9 views

CVE-2021-20809

Cross-site scripting vulnerability in Create screens of Entry, Page, and Content Type of Movable Type Movable Type 7 r.4903 and earlier Movable Type 7 Series, Movable Type 6.8.0 and earlier Movable Type 6 Series, Movable Type Advanced 7 r.4903 and earlier Movable Type Advanced 7 Series, Movable...

6.1CVSS6.4AI score0.009EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 7:8 p.m.6 views

CVE-2021-32609

Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html including scripts into the page...

5.4CVSS6.7AI score0.01602EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:57 p.m.12 views

CVE-2021-46079

An Unrestricted File Upload vulnerability exists in Sourcecodester Vehicle Service Management System 1.0. A remote attacker can upload malicious files leading to Html Injection...

7.2CVSS7AI score0.03309EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 6:51 p.m.8 views

CVE-2021-43961

Sonatype Nexus Repository Manager 3.36.0 allows HTML Injection...

4.3CVSS6.8AI score0.00699EPSS
Exploits0
Rows per page
Query Builder