Skip to main content
CVE-2021-28162 MEDIUM POC PATCH This Month

In Eclipse Theia versions up to and including 0.16.0, in the notification messages there is no HTML escaping, so Javascript code can run. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Theia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-28161 MEDIUM POC PATCH This Month

In Eclipse Theia versions up to and including 1.8.0, in the debug console there is no HTML escaping, so arbitrary Javascript code can be injected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Theia
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-21078 MEDIUM This Month

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by an Unquoted Service Path vulnerability in CCXProcess that could allow an attacker to achieve arbitrary code execution. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity. No vendor patch available.

RCE Adobe Creative Cloud Desktop Application
NVD
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-21080 MEDIUM This Month

Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Connect
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-21079 MEDIUM This Month

Adobe Connect version 11.0.7 (and earlier) is affected by a reflected Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Adobe Connect
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-21068 MEDIUM This Month

Adobe Creative Cloud Desktop Application version 5.3 (and earlier) is affected by a file handling vulnerability that could allow an attacker to cause arbitrary file overwriting. Rated medium severity (CVSS 6.1), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Adobe Creative Cloud Desktop Application
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-21379 MEDIUM PATCH This Month

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Code Injection Xwiki
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-21366 MEDIUM PATCH This Month

xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Xmldom Debian Linux
NVD GitHub
CVSS 3.1
4.3
EPSS
1.3%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy