Skip to main content
CVE-2021-3314 MEDIUM POC This Month

Oracle GlassFish Server 3.1.2.18 and below allows /common/logViewer/logViewer.jsf XSS. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Oracle Glassfish Server
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-26801 MEDIUM POC This Month

A stored cross-site scripting (XSS) vulnerability was discovered in /Forms/device_vars_1 on TrippLite SU2200RTXL2Ua with firmware version 12.04.0055. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Su2200Rtxl2Ua Firmware
NVD VulDB
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-35501 MEDIUM POC This Month

PandoraFMS <=7.54 allows Stored XSS by placing a payload in the name field of a visual console. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Pandora Fms
NVD
CVSS 3.1
5.4
EPSS
1.0%
CVE-2021-21004 MEDIUM This Month

In Phoenix Contact FL SWITCH SMCS series products in multiple versions an attacker may insert malicious code via LLDP frames into the web-based management which could then be executed by the client. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fl Switch Smcs 16Tx Firmware Fl Switch Smcs 14Tx 2Fx Firmware Fl Switch Smcs 14Tx 2Fx Sm Firmware Fl Switch Smcs 8Gt Firmware +11
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-32702 MEDIUM PATCH This Month

The Auth0 Next.js SDK is a library for implementing user authentication in Next.js applications. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

RCE XSS Nextjs Auth0
NVD GitHub
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-29677 MEDIUM PATCH This Month

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Hashicorp Security Verify
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-29676 MEDIUM PATCH This Month

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) is vulnerable to link injection. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

IBM XSS Hashicorp Security Verify
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-35475 MEDIUM This Month

SAS Environment Manager 2.5 allows XSS through the Name field when creating/editing a server. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Environment Manager
NVD GitHub
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-21003 MEDIUM This Month

In Phoenix Contact FL SWITCH SMCS series products in multiple versions fragmented TCP-Packets may cause a Denial of Service of Web-, SNMP- and ICMP-Echo services. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Fl Switch Smcs 16Tx Firmware Fl Switch Smcs 14Tx 2Fx Firmware Fl Switch Smcs 14Tx 2Fx Sm Firmware Fl Switch Smcs 8Gt Firmware +11
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-31615 MEDIUM This Month

Unencrypted Bluetooth Low Energy baseband links in Bluetooth Core Specifications 4.0 through 5.2 may permit an adjacent device to inject a crafted packet during the receive window of the listening. Rated medium severity (CVSS 5.3), this vulnerability is no authentication required. No vendor patch available.

Code Injection Race Condition Bluetooth Core Specification
NVD
CVSS 3.1
5.3
EPSS
0.4%
CVE-2021-20583 MEDIUM PATCH This Month

IBM Security Verify (IBM Security Verify Privilege Vault 10.9.66) could disclose sensitive information through an HTTP GET request by a privileged user due to improper input validation.. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

Information Disclosure IBM Hashicorp Security Verify
NVD
CVSS 3.1
4.9
EPSS
0.9%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy