Skip to main content
CVE-2020-21517 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability in MetInfo 7.0.0 via the gourl parameter in login.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Metinfo
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.2%
CVE-2020-19511 MEDIUM POC This Month

Cross Site Scriptiong vulnerability in Typesetter 5.1 via the !1) className and !2) Description fields in index.php/Admin/Classes,. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Typesetter
NVD VulDB
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24373 MEDIUM POC This Month

The WP Hardening - Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the historyvalue GET parameter before outputting it in a Javascript block, leading to a. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Hardening
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24372 MEDIUM POC This Month

The WP Hardening - Fix Your WordPress Security WordPress plugin before 1.2.2 did not sanitise or escape the $_SERVER['REQUEST_URI'] before outputting it in an attribute, leading to a reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Hardening
NVD WPScan
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24364 MEDIUM POC This Month

The Jannah WordPress theme before 5.4.4 did not properly sanitize the options JSON parameter in its tie_get_user_weather AJAX action before outputting it back in the page, leading to a Reflected. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Jannah
NVD WPScan
CVSS 3.1
6.1
EPSS
2.0%
CVE-2021-21422 MEDIUM POC PATCH This Month

mongo-express is a web-based MongoDB admin interface, written with Node.js and express. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Node.js XSS Mongo Express
NVD GitHub
CVSS 3.1
6.1
EPSS
1.6%
CVE-2021-24383 MEDIUM POC This Month

The WP Google Maps WordPress plugin before 8.1.12 did not sanitise, validate of escape the Map Name when output in the Map List of the admin dashboard, leading to an authenticated Stored Cross-Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Google WordPress XSS Wp Go Maps
NVD WPScan Exploit-DB
CVSS 3.1
5.4
EPSS
2.3%
CVE-2021-24369 MEDIUM POC This Month

In the GetPaid WordPress plugin before 2.3.4, users with the contributor role and above can create a new Payment Form, however the Label and Help Text input fields were not getting sanitized. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation WordPress XSS Getpaid
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24367 MEDIUM POC This Month

The WP Config File Editor WordPress plugin through 1.7.1 was affected by an Authenticated Stored Cross-Site Scripting (XSS) vulnerability. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Wp Config File Editor
NVD WPScan
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-24366 MEDIUM POC This Month

The Admin Columns WordPress plugin before 4.3 and Admin Columns Pro WordPress plugin before 5.5.1 do not sanitise and escape its Label settings, which could allow high privilege users such as admin. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Admin Columns
NVD GitHub WPScan
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-24339 MEDIUM POC This Month

The Pods - Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Menu Label' field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pods
NVD WPScan
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-24338 MEDIUM POC This Month

The Pods - Custom Content Types and Fields WordPress plugin before 2.7.27 was vulnerable to an Authenticated Stored Cross-Site Scripting (XSS) security vulnerability within the 'Singular Label' field. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Pods
NVD WPScan
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-24379 MEDIUM POC This Month

The Comments Like Dislike WordPress plugin before 1.1.4 allows users to like/dislike posted comments, however does not prevent them from replaying the AJAX request to add a like. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Comments Like Dislike
NVD WPScan
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-24374 MEDIUM POC PATCH This Month

The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Authentication Bypass Jetpack
NVD WPScan
CVSS 3.1
5.3
EPSS
1.5%
CVE-2021-29060 MEDIUM POC PATCH This Month

A Regular Expression Denial of Service (ReDOS) vulnerability was discovered in Color-String version 1.5.5 and below which occurs when the application is provided and checks a crafted invalid HWB. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service Color String
NVD GitHub
CVSS 3.1
5.3
EPSS
3.1%
CVE-2021-24378 MEDIUM POC This Month

The Autoptimize WordPress plugin before 2.7.8 does not check for malicious files such as .html in the archive uploaded via the 'Import Settings' feature. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Autoptimize
NVD WPScan
CVSS 3.1
4.8
EPSS
0.6%
CVE-2021-28684 MEDIUM POC This Month

The XML parser used in ConeXware PowerArchiver before 20.10.02 allows processing of external entities, which might lead to exfiltration of local files over the network (via an XXE attack). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XXE Powerarchiver
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-34387 MEDIUM This Month

The ARM TrustZone Technology on which Trusty is based on contains a vulnerability in access permission settings where the portion of the DRAM reserved for TrustZone is identity-mapped by TLK with. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Jetson Linux
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-34386 MEDIUM This Month

Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the calloc size calculation can cause the multiplication of count and size can overflow, which might lead to. Rated medium severity (CVSS 6.7), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Integer Overflow Nvidia Jetson Linux
NVD
CVSS 3.1
6.7
EPSS
0.2%
CVE-2021-0504 MEDIUM PATCH This Month

In avrc_pars_browse_rsp of avrc_pars_ct.cc, there is a possible out of bounds read due to a missing bounds check. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Buffer Overflow Google Information Disclosure Android
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2021-33572 MEDIUM This Month

A Denial-of-Service (DoS) vulnerability was discovered in F-Secure Linux Security whereby the FSAVD component used in certain F-Secure products can crash while scanning larger packages/fuzzed files. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Cloud Protection For Salesforce Elements For Microsoft 365 Endpoint Protection +1
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-28833 MEDIUM PATCH This Month

Increments Qiita::Markdown before 0.34.0 allows XSS via a crafted gist link, a different vulnerability than CVE-2021-28796. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Qiita
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-0521 MEDIUM PATCH This Month

In getAllPackages of PackageManagerService, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Google Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-32697 MEDIUM PATCH This Month

neos/forms is an open source framework to build web forms. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Form
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-34389 MEDIUM This Month

Trusty contains a vulnerability in NVIDIA OTE protocol message parsing code, which is present in all the TAs. Rated medium severity (CVSS 5.0), this vulnerability is low attack complexity. No vendor patch available.

Nvidia Information Disclosure Jetson Linux
NVD
CVSS 3.1
5.0
EPSS
0.3%
CVE-2021-32698 MEDIUM PATCH This Month

eLabFTW is an open source electronic lab notebook for research labs. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. This Server-Side Request Forgery (SSRF) vulnerability could allow attackers to make the server perform requests to unintended internal or external resources.

SSRF Elabftw
NVD GitHub
CVSS 3.1
4.9
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy