Skip to main content
CVE-2021-39286 MEDIUM PATCH This Month

Webrecorder pywb before 2.6.0 allows XSS because it does not ensure that Jinja2 templates are autoescaped. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Pywb
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-38710 MEDIUM This Month

Static (Persistent) XSS Vulnerability exists in version 4.3.0 of Yclas when using the install/view/form.php script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Yclas
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-20771 MEDIUM This Month

Cross-site scripting vulnerability in some functions of E-Mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20766 MEDIUM This Month

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-20765 MEDIUM This Month

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-0420 MEDIUM This Month

In memory management driver, there is a possible system crash due to a missing bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0419 MEDIUM This Month

In memory management driver, there is a possible system crash due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0418 MEDIUM This Month

In memory management driver, there is a possible system crash due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0417 MEDIUM This Month

In memory management driver, there is a possible system crash due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0416 MEDIUM This Month

In memory management driver, there is a possible system crash due to improper input validation. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0415 MEDIUM This Month

In memory management driver, there is a possible information disclosure due to a missing permission check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Authentication Bypass Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-0408 MEDIUM This Month

In asf extractor, there is a possible out of bounds read due to an incorrect bounds check. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Android
NVD
CVSS 3.1
5.5
EPSS
0.1%
CVE-2021-1561 MEDIUM PATCH This Month

A vulnerability in the spam quarantine feature of Cisco Secure Email and Web Manager, formerly Cisco Security Management Appliance (SMA), could allow an authenticated, remote attacker to gain. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Cisco Authentication Bypass Secure Email And Web Manager
NVD
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-20774 MEDIUM This Month

Cross-site scripting vulnerability in some functions of E-mail of Cybozu Garoon 4.0.0 to 5.5.0 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20770 MEDIUM This Month

Cross-site scripting vulnerability in Message of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20769 MEDIUM This Month

Cross-site scripting vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20767 MEDIUM This Month

Cross-site scripting vulnerability in Full Text Search of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20753 MEDIUM This Month

Cross-site scripting vulnerability in Scheduler of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to inject an arbitrary script via unspecified vectors. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Garoon
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-20764 MEDIUM This Month

Improper input validation vulnerability in Attaching Files of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker to alter the data of Attaching Files. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-20775 MEDIUM This Month

Improper input validation vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the data of Comment and Space without the viewing privilege. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-20773 MEDIUM This Month

There is a vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.5.0, which may allow a remote authenticated attacker to delete the route information Workflow without the appropriate privilege. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-20772 MEDIUM This Month

Information disclosure vulnerability in Bulletin of Cybozu Garoon 4.10.0 to 5.5.0 allows a remote authenticated attacker to obtain the title of Bulletin without the viewing privilege. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-20768 MEDIUM This Month

Operational restrictions bypass vulnerability in Scheduler and MultiReport of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to delete the data of Scheduler and MultiReport. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-20763 MEDIUM This Month

Operational restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the appropriate privilege. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-20762 MEDIUM This Month

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated to alter the data of E-mail without the appropriate privilege. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-20760 MEDIUM This Month

Improper input validation vulnerability in User Profile of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of User Profile without the appropriate privilege. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-20759 MEDIUM This Month

Operational restrictions bypass vulnerability in Bulletin of Cybozu Garoon 4.6.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-20757 MEDIUM This Month

Operational restrictions bypass vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Portal without the appropriate privilege. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-20756 MEDIUM This Month

Viewing restrictions bypass vulnerability in Address of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Address without the viewing privilege. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-20755 MEDIUM This Month

Viewing restrictions bypass vulnerability in Portal of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to obtain the data of Portal without the viewing privilege. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass Garoon
NVD
CVSS 3.1
4.3
EPSS
0.9%
CVE-2021-20754 MEDIUM This Month

Improper input validation vulnerability in Workflow of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote authenticated attacker to alter the data of Workflow without the appropriate privilege. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
4.3
EPSS
0.8%
CVE-2021-20761 LOW Monitor

Improper input validation vulnerability in E-mail of Cybozu Garoon 4.0.0 to 5.0.2 allows a remote attacker with an administrative privilege to alter the data of E-mail without the appropriate. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Garoon
NVD
CVSS 3.1
2.7
EPSS
0.8%
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy