NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
NeDi 1.9C is vulnerable to cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
NeDi 1.9C is vulnerable to a cross-site scripting (XSS) attack. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The ke_search (aka Faceted Search) extension through 2.8.2, and 3.x through 3.1.3, for TYPO3 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
The mm_forum extension through 1.9.5 for TYPO3 allows XSS that can be exploited via CSRF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The jh_captcha extension through 2.1.3, and 3.x through 3.0.2, for TYPO3 allows XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.
An issue was discovered on Samsung mobile devices with O(8.x), P(9.0), and Q(10.0) software. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
GitLab EE 11.3 through 13.1.2 has Incorrect Access Control because of the Maven package upload endpoint. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The typo3_forum extension before 1.2.1 for TYPO3 has Incorrect Access Control. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. Rated medium severity (CVSS 4.4).