Skip to main content
CVE-2021-33507 MEDIUM PATCH This Month

Zope Products.CMFCore before 2.5.1 and Products.PluggableAuthService before 2.6.2, as used in Plone through 5.2.4 and other products, allow Reflected XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Plone Zope
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-29414 MEDIUM This Month

STMicroelectronics STM32L4 devices through 2021-03-29 have incorrect physical access control. Rated medium severity (CVSS 6.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Stm32Cubel4 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2021-29415 MEDIUM This Month

The elliptic curve cryptography (ECC) hardware accelerator, part of the ARM® TrustZone® CryptoCell 310, contained in the NordicSemiconductor nRF52840 through 2021-03-29 has a non-constant time ECDSA. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Nrf52840 Firmware
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-33513 MEDIUM PATCH This Month

Plone through 5.2.4 allows XSS via the inline_diff methods in Products.CMFDiffTool. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Plone
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-33512 MEDIUM PATCH This Month

Plone through 5.2.4 allows stored XSS attacks (by a Contributor) by uploading an SVG or HTML document. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Plone
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-33508 MEDIUM PATCH This Month

Plone through 5.2.4 allows XSS via a full name that is mishandled during rendering of the ownership tab of a content item. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Plone
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-29681 MEDIUM This Month

IBM InfoSphere Information Server 11.7 could allow an attacker to obtain sensitive information by injecting parameters into an HTML query. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

IBM Information Disclosure Infosphere Information Server
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-33510 MEDIUM PATCH This Month

Plone through 5.2.4 allows remote authenticated managers to conduct SSRF attacks via an event ical URL, to read one line of a file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SSRF Plone
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy