Skip to main content
CVE-2021-28160 MEDIUM POC This Month

Wireless-N WiFi Repeater REV 1.0 (28.08.06.1) suffers from a reflected XSS vulnerability due to unsanitized SSID value when the latter is displayed in the /repeater.html page ("Repeater Wizard". Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Acexy Wireless N Wifi Repeater Firmware
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24135 MEDIUM POC This Month

Unvalidated input and lack of output encoding in the WP Customer Reviews WordPress plugin, versions before 3.4.3, lead to multiple Stored Cross-Site Scripting vulnerabilities allowing remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Customer Reviews
NVD WPScan
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-24124 MEDIUM POC This Month

Unvalidated input and lack of output encoding in the WP Shieldon WordPress plugin, version 1.6.3 and below, leads to Unauthenticated Reflected Cross-Site Scripting (XSS) when the CAPTCHA page is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Shieldon
NVD WPScan
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-24138 MEDIUM POC This Month

Unvalidated input in the AdRotate WordPress plugin, versions before 5.8.4, leads to Authenticated SQL injection via param "id". Rated medium severity (CVSS 5.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress SQLi Adrotate
NVD WPScan
CVSS 3.1
5.5
EPSS
1.2%
CVE-2021-21383 MEDIUM POC PATCH This Month

Wiki.js an open-source wiki app built on Node.js. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Node.js XSS Wiki Js
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-24147 MEDIUM POC This Month

Unvalidated input and lack of output encoding in the Modern Events Calendar Lite WordPress plugin, versions before 5.16.5, did not sanitise the mic_comment field (Notes on time) when adding/editing. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Modern Events Calendar Lite
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24136 MEDIUM POC This Month

Unvalidated input and lack of output encoding in the Testimonials Widget WordPress plugin, versions before 4.0.0, lead to multiple Cross-Site Scripting vulnerabilities, allowing remote attackers to. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Testimonials Widget
NVD WPScan
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-24129 MEDIUM POC This Month

Unvalidated input and lack of output encoding in the Themify Portfolio Post WordPress plugin, versions before 1.1.6, lead to Stored Cross-Site Scripting (XSS) vulnerabilities allowing low-privileged. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress XSS Portfolio Post
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24128 MEDIUM POC This Month

Unvalidated input and lack of output encoding in the Team Members WordPress plugin, versions before 5.0.4, lead to Cross-site scripting vulnerabilities allowing medium-privileged authenticated. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Team Members
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24127 MEDIUM POC This Month

Unvalidated input and lack of output encoding in the ThirstyAffiliates Affiliate Link Manager WordPress plugin, versions before 3.9.3, was vulnerable to authenticated Stored Cross-Site Scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress XSS Thirstyaffiliates Affiliate Link Manager
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-24126 MEDIUM POC This Month

Unvalidated input and lack of output encoding in the Envira Gallery Lite WordPress plugin, versions before 1.8.3.3, did not properly sanitise the images metadata (namely title) before outputting them. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress XSS Envira Gallery
NVD WPScan
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-28681 MEDIUM POC PATCH This Month

Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Webrtc
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-24134 MEDIUM POC This Month

Unvalidated input and lack of output encoding in the Constant Contact Forms WordPress plugin, versions before 1.8.8, lead to multiple Stored Cross-Site Scripting vulnerabilities, which allowed. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Constant Contact Forms
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-28420 MEDIUM POC This Month

A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via alerts.php and the "from_time" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seo Panel
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
1.9%
CVE-2021-28418 MEDIUM POC This Month

A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via settings.php and the "category" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seo Panel
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
1.9%
CVE-2021-28417 MEDIUM POC This Month

A cross-site scripting (XSS) issue in Seo Panel 4.8.0 allows remote attackers to inject JavaScript via archive.php and the "search_name" parameter. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Seo Panel
NVD GitHub Exploit-DB
CVSS 3.1
4.8
EPSS
1.9%
CVE-2021-26216 MEDIUM POC This Month

SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditFolder.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Seeddms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-26215 MEDIUM POC This Month

SeedDMS 5.1.x is affected by cross-site request forgery (CSRF) in out.EditDocument.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Seeddms
NVD VulDB
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-24133 MEDIUM POC This Month

Lack of CSRF checks in the ActiveCampaign WordPress plugin, versions before 8.0.2, on its Settings form, which could allow attacker to make a logged-in administrator change API Credentials to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Activecampaign
NVD WPScan
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-21623 MEDIUM PATCH This Month

An incorrect permission check in Jenkins Matrix Authorization Strategy Plugin 2.6.5 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack Item/Read. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Matrix Authorization Strategy
NVD
CVSS 3.1
6.5
EPSS
1.0%
CVE-2021-20675 MEDIUM This Month

M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Dl8 A Firmware Dl8 B Firmware Dl8 C Firmware Dl8 D Firmware +1
NVD
CVSS 3.1
6.5
EPSS
1.3%
CVE-2021-20631 MEDIUM This Month

Improper input validation vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attacker to alter the data of Custom App via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Office
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-20626 MEDIUM This Month

Improper access control vulnerability in Workflow of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and alter the data of Workflow via unspecified vectors. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-20624 MEDIUM This Month

Improper access control vulnerability in Scheduler of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Scheduler via unspecified. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-27436 MEDIUM This Month

WebAccess/SCADA Versions 9.0 and prior is vulnerable to cross-site scripting, which may allow an attacker to send malicious JavaScript code to an unsuspecting user, which could result in hijacking of. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Webaccess Scada
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-28796 MEDIUM PATCH This Month

Increments Qiita::Markdown before 0.33.0 allows XSS in transformers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Qiita
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20629 MEDIUM This Month

Cross-site scripting vulnerability in E-mail of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Office
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20628 MEDIUM This Month

Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Microsoft XSS Office
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20627 MEDIUM This Month

Cross-site scripting vulnerability in Address Book of Cybozu Office 10.0.0 to 10.8.4 allows remote attackers to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft XSS Office
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3416 MEDIUM PATCH This Month

A potential stack overflow via infinite loop issue was found in various NIC emulators of QEMU in versions up to and including 5.2.0. Rated medium severity (CVSS 6.0), this vulnerability is low attack complexity.

Denial Of Service Qemu Fedora Enterprise Linux Debian Linux
NVD
CVSS 3.1
6.0
EPSS
0.5%
CVE-2021-28145 MEDIUM PATCH This Month

Concrete CMS (formerly concrete5) before 8.5.5 allows remote authenticated users to conduct XSS attacks via a crafted survey block. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Concrete Cms
NVD
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-25764 MEDIUM This Month

In JetBrains PhpStorm before 2020.3, source code could be added to debug logs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Phpstorm
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-28133 MEDIUM This Month

Zoom through 5.5.4 sometimes allows attackers to read private information on a participant's screen, even though the participant never attempted to share the private part of their screen. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Zoom
NVD
CVSS 3.1
4.3
EPSS
16.3%
CVE-2021-21626 MEDIUM PATCH This Month

Jenkins Warnings Next Generation Plugin 8.4.4 and earlier does not perform a permission check in methods implementing form validation, allowing attackers with Item/Read permission but without. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Warnings Next Generation
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-21625 MEDIUM PATCH This Month

Jenkins CloudBees AWS Credentials Plugin 1.28 and earlier does not perform a permission check in a helper method for HTTP endpoints, allowing attackers with Overall/Read permission to enumerate. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Cloudbees Aws Credentials
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-21624 MEDIUM PATCH This Month

An incorrect permission check in Jenkins Role-based Authorization Strategy Plugin 3.1 and earlier allows attackers with Item/Read permission on nested items to access them, even if they lack. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Jenkins Authentication Bypass Role Based Authorization Strategy
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-20676 MEDIUM This Month

M-System DL8 series (type A (DL8-A) versions prior to Ver3.0, type B (DL8-B) versions prior to Ver3.0, type C (DL8-C) versions prior to Ver3.0, type D (DL8-D) versions prior to Ver3.0, and type E. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Dl8 A Firmware Dl8 B Firmware Dl8 C Firmware Dl8 D Firmware +1
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-20634 MEDIUM This Month

Improper access control vulnerability in Custom App of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Custom App via unspecified. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-20633 MEDIUM This Month

Improper access control vulnerability in Cabinet of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the date of Cabinet via unspecified vectors. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-20632 MEDIUM This Month

Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Bulletin Board via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-20630 MEDIUM This Month

Improper access control vulnerability in Phone Messages of Cybozu Office 10.0.0 to 10.8.4 allows authenticated attackers to bypass access restriction and obtain the data of Phone Messages via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.1
4.3
EPSS
0.7%
CVE-2021-20625 MEDIUM This Month

Improper access control vulnerability in Bulletin Board of Cybozu Office 10.0.0 to 10.8.4 allows an authenticated attacker to bypass access restriction and alter the data of Bulletin Board via. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Authentication Bypass Office
NVD
CVSS 3.1
4.3
EPSS
0.7%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy