Skip to main content
CVE-2021-26702 MEDIUM POC PATCH This Month

EPrints 3.4.2 exposes a reflected XSS opportunity in the dataset parameter to the cgi/dataset_dictionary URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Eprints
NVD GitHub
CVSS 3.1
6.1
EPSS
3.1%
CVE-2021-26475 MEDIUM POC PATCH This Month

EPrints 3.4.2 exposes a reflected XSS opportunity in the via a cgi/cal URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Eprints
NVD GitHub
CVSS 3.1
6.1
EPSS
7.3%
CVE-2021-27318 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the lastname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Doctor Appointment System
NVD
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-27317 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in contactus.php in Doctor Appointment System 1.0 allows remote attackers to inject arbitrary web script or HTML via the comment parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Doctor Appointment System
NVD
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-3332 MEDIUM POC This Month

WPS Hide Login 1.6.1 allows remote attackers to bypass a protection mechanism via post_password. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Wps Hide Login
NVD
CVSS 3.1
5.3
EPSS
1.8%
CVE-2021-21515 MEDIUM This Month

Dell EMC SourceOne, versions 7.2SP10 and prior, contain a Stored Cross-Site Scripting vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Dell XSS Emc Sourceone
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-27225 MEDIUM This Month

In Dataiku DSS before 8.0.6, insufficient access control in the Jupyter notebooks integration allows users (who have coding permissions) to read and overwrite notebooks in projects that they are not. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Data Science Studio
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-22114 MEDIUM PATCH This Month

Addresses partial fix in CVE-2018-1263. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Java Spring Integration Zip
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-27884 MEDIUM PATCH This Month

Weak JSON Web Token (JWT) signing secret generation in YMFE YApi through 1.9.2 allows recreation of other users' JWT tokens. Rated medium severity (CVSS 5.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Node.js Information Disclosure Yapi
NVD GitHub
CVSS 3.1
5.1
EPSS
0.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy