Skip to main content
CVE-2021-26916 MEDIUM POC This Month

In nopCommerce 4.30, a Reflected XSS issue in the Discount Coupon component allows remote attackers to inject arbitrary web script or HTML through the Filters/CheckDiscountCouponAttribute.cs. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Nopcommerce
NVD GitHub
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-22122 MEDIUM POC THREAT This Month

An improper neutralization of input during web page generation in FortiWeb GUI interface 6.3.0 through 6.3.7 and version before 6.2.4 may allow an unauthenticated, remote attacker to perform a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortinet Fortiweb
NVD
CVSS 3.1
6.1
EPSS
10.5%
CVE-2021-26917 MEDIUM POC PATCH This Month

PyBitmessage through 0.6.3.2 allows attackers to write screen captures to Potentially Unwanted Directories via a crafted apinotifypath value. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Information Disclosure Pybitmessage
NVD GitHub
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-21290 MEDIUM POC PATCH This Month

Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available.

Apple Information Disclosure Netty Debian Linux Quarkus +10
NVD GitHub
CVSS 3.1
5.5
EPSS
1.8%
CVE-2021-26540 MEDIUM POC PATCH This Month

Apostrophe Technologies sanitize-html before 2.3.2 does not properly validate the hostnames set by the "allowedIframeHostnames" option when the "allowIframeRelativeUrls" is set to true, which allows. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Sanitize Html
NVD GitHub
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-26539 MEDIUM POC PATCH This Month

Apostrophe Technologies sanitize-html before 2.3.1 does not properly handle internationalized domain name (IDN) which could allow an attacker to bypass hostname whitelist validation set by the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Authentication Bypass Sanitize Html
NVD GitHub
CVSS 3.1
5.3
EPSS
2.0%
CVE-2021-3293 MEDIUM POC THREAT This Month

emlog v5.3.1 has full path disclosure vulnerability in t/index.php, which allows an attacker to see the path to the webroot/file. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Emlog
NVD GitHub
CVSS 3.1
5.3
EPSS
17.4%
CVE-2021-26905 MEDIUM This Month

1Password SCIM Bridge before 1.6.2 mishandles validation of authenticated requests for log files, leading to disclosure of a TLS private key. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Scim Bridge
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-20359 MEDIUM This Month

IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 - Business Automation Application Designer Component stores potentially sensitive information in log files that could be obtained by an unauthorized. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Automation
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-20358 MEDIUM This Month

IBM Cloud Pak for Automation 20.0.3, 20.0.2-IF002 stores potentially sensitive information in clear text in API connection log files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Cloud Pak For Automation
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-21435 MEDIUM This Month

Article Bcc fields and agent personal information are shown when customer prints the ticket (PDF) via external interface. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Otrs
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-21434 MEDIUM This Month

Survey administrator can craft a survey in such way that malicious code can be executed in the agent interface (i.e. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Survey
NVD
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-21288 MEDIUM PATCH This Month

CarrierWave is an open-source RubyGem which provides a simple and flexible way to upload files from Ruby applications. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Carrierwave
NVD GitHub
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-21436 MEDIUM This Month

Agents are able to see and link Config Items without permissions, which are defined in General Catalog. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Cis In Customer Frontend
NVD
CVSS 3.1
4.3
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy