Skip to main content
CVE-2021-34817 MEDIUM POC PATCH This Month

A Cross-Site Scripting (XSS) issue in the chat component of Etherpad 1.8.13 allows remote attackers to inject arbitrary JavaScript or HTML by importing a crafted pad. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Etherpad
NVD GitHub
CVSS 3.1
6.1
EPSS
1.3%
CVE-2021-3279 MEDIUM POC This Month

sz.chat version 4 allows injection of web scripts and HTML in the message box. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Szchat
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-24452 MEDIUM POC This Month

The W3 Total Cache WordPress plugin before 2.1.5 was affected by a reflected Cross-Site Scripting (XSS) issue within the "extension" parameter in the Extensions dashboard, when the 'Anonymously track. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS W3 Total Cache
NVD WPScan
CVSS 3.1
6.1
EPSS
2.0%
CVE-2021-24436 MEDIUM POC This Month

The W3 Total Cache WordPress plugin before 2.1.4 was vulnerable to a reflected Cross-Site Scripting (XSS) security vulnerability within the "extension" parameter in the Extensions dashboard, which is. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS W3 Total Cache
NVD WPScan
CVSS 3.1
6.1
EPSS
1.9%
CVE-2021-24447 MEDIUM POC This Month

The WP Image Zoom WordPress plugin before 1.47 did not validate its tab parameter before using it in the include_once() function, leading to a local file inclusion issue in the admin dashboard. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Path Traversal Wp Image Zoom
NVD WPScan
CVSS 3.1
5.3
EPSS
1.4%
CVE-2021-24482 MEDIUM POC This Month

The Related Posts for WordPress plugin through 2.0.4 does not sanitise its heading_text and CSS settings, allowing high privilege users (admin) to set XSS payloads in them, leading to Stored. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Related Posts
NVD WPScan
CVSS 3.1
4.8
EPSS
0.7%
CVE-2021-36797 MEDIUM This Month

In Victron Energy Venus OS through 2.72, root access is granted by default to anyone with physical access to the device. Rated medium severity (CVSS 6.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Venus Os
NVD GitHub
CVSS 3.1
6.8
EPSS
0.3%
CVE-2021-34618 MEDIUM This Month

A remote denial of service (DoS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.18 and below; Aruba Instant 6.5.x:. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Aruba Aruba Instant
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2021-32760 MEDIUM PATCH This Month

containerd is a container runtime. Rated medium severity (CVSS 6.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Containerd Fedora
NVD GitHub
CVSS 3.1
6.3
EPSS
1.6%
CVE-2021-3135 MEDIUM This Month

An issue was discovered in the tagDiv Newspaper theme 10.3.9.1 for WordPress. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS PHP Newspaper
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-34617 MEDIUM This Month

A remote cross-site scripting (XSS) vulnerability was discovered in some Aruba Instant Access Point (IAP) products in version(s): Aruba Instant 6.4.x: 6.4.4.8-4.2.4.13 and below; Aruba Instant 6.5.x:. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Aruba Aruba Instant
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-34821 MEDIUM This Month

Cross Site Scripting (XSS) vulnerability exists in AAT Novus Management System through 1.51.2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Novus Management System
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-35043 MEDIUM PATCH This Month

OWASP AntiSamy before 1.6.4 allows XSS via HTML attributes when using the HTML output serializer (XHTML is not affected). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Antisamy Retail Back Office Retail Central Office Retail Returns Management +7
NVD GitHub
CVSS 3.1
6.1
EPSS
1.5%
CVE-2021-35966 MEDIUM This Month

The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Orca Hcm
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-32014 MEDIUM PATCH This Month

SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (CPU consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Sheetjs Sheetjs Pro Rest Data Services
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-32013 MEDIUM PATCH This Month

SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 2 of 2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Sheetjs Sheetjs Pro Rest Data Services
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-32012 MEDIUM PATCH This Month

SheetJS and SheetJS Pro through 0.16.9 allows attackers to cause a denial of service (memory consumption) via a crafted .xlsx document that is mishandled when read by xlsx.js (issue 1 of 2). Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.

Denial Of Service Sheetjs Sheetjs Pro Rest Data Services
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-20507 MEDIUM This Month

IBM Jazz Foundation and IBM Engineering products are vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM XSS Engineering Lifecycle Optimization Engineering Requirements Quality Assistant On Premises Engineering Workflow Management +4
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-35967 MEDIUM This Month

The directory page parameter of the Orca HCM digital learning platform does not filter special characters. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Orca Hcm
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-29780 MEDIUM This Month

IBM Resilient OnPrem v41.1 of IBM Security SOAR could allow an authenticated user to perform actions that they should not have access to due to improper input validation. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

IBM Information Disclosure Resilient Security Orchestration Automation And Response
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2021-35968 MEDIUM This Month

The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Orca Hcm
NVD
CVSS 3.1
4.3
EPSS
1.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy