Skip to main content
CVE-2021-26799 MEDIUM POC PATCH This Month

Cross Site Scripting (XSS) vulnerability in admin/files/edit in Omeka Classic <=2.7 allows remote attackers to inject arbitrary web script or HTML. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Omeka
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-25791 MEDIUM POC This Month

Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Online Doctor Appointment System Php Full Source Code
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
2.5%
CVE-2021-25790 MEDIUM POC This Month

Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS House Rental And Property Listing Php
NVD Exploit-DB
CVSS 3.1
5.4
EPSS
0.9%
CVE-2021-3159 MEDIUM POC This Month

A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Landray Ekp
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-25204 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTM via the subject field to feedback_process.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS E Commerce Website
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-25809 MEDIUM POC This Month

UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache() function in top.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Ucms
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-20333 MEDIUM POC This Month

Sending specially crafted commands to a MongoDB Server may result in artificial log entries being generated or for log entries to be split.6 versions prior to 3.6.20; MongoDB Server v4.0 versions. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure MongoDB
NVD
CVSS 3.1
5.3
EPSS
1.3%
CVE-2021-32686 MEDIUM PATCH This Month

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Race Condition Pjsip Debian Linux
NVD GitHub
CVSS 3.1
5.9
EPSS
2.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy