Skip to main content
CVE-2021-41826 MEDIUM POC THREAT This Month

PlaceOS Authentication Service before 1.29.10.0 allows app/controllers/auth/sessions_controller.rb open redirect. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Open Redirect Placeos Authentication
NVD GitHub
CVSS 3.1
6.1
EPSS
11.9%
CVE-2021-41324 MEDIUM This Month

Directory traversal in the Copy, Move, and Delete features in Pydio Cells 2.2.9 allows remote authenticated users to enumerate personal files (or Cells files belonging to any user) via the nodes. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cells
NVD GitHub
CVSS 3.1
6.5
EPSS
2.1%
CVE-2021-41325 MEDIUM This Month

Broken access control for user creation in Pydio Cells 2.2.9 allows remote anonymous users to create standard users via the profile parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Cells
NVD GitHub
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-41323 MEDIUM This Month

Directory traversal in the Compress feature in Pydio Cells 2.2.9 allows remote authenticated users to overwrite personal files, or Cells files belonging to any user, via the format parameter. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Cells
NVD GitHub
CVSS 3.1
6.5
EPSS
2.0%
CVE-2021-35201 MEDIUM This Month

NEI in NETSCOUT nGeniusONE 6.3.0 build 1196 allows XML External Entity (XXE) attacks. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Ngeniusone
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-24016 MEDIUM This Month

An improper neutralization of formula elements in a csv file in Fortinet FortiManager version 6.4.3 and below, 6.2.7 and below allows attacker to execute arbitrary commands via crafted IPv4 field in. Rated medium severity (CVSS 6.3). No vendor patch available.

Fortinet Information Disclosure Fortimanager
NVD
CVSS 3.1
6.3
EPSS
0.5%
CVE-2021-20554 MEDIUM PATCH This Month

IBM Sterling Order Management 9.4, 9.5, and 10.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Sterling Order Management
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-25963 MEDIUM PATCH This Month

In Shuup, versions 1.6.0 through 2.10.8 are vulnerable to reflected Cross-Site Scripting (XSS) that allows execution of arbitrary javascript code on a victim browser. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Shuup
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-41101 MEDIUM This Month

wire-server is an open-source back end for Wire, a secure collaboration platform. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Wire Server
NVD GitHub
CVSS 3.1
5.7
EPSS
0.7%
CVE-2021-35203 MEDIUM This Month

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Arbitrary File Read operations via the FDSQueryService endpoint. Rated medium severity (CVSS 5.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Information Disclosure Ngeniusone
NVD
CVSS 3.1
5.7
EPSS
0.7%
CVE-2021-35205 MEDIUM This Month

NETSCOUT Systems nGeniusONE version 6.3.0 build 1196 allows URL redirection in redirector. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Open Redirect Ngeniusone
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2021-35204 MEDIUM This Month

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Reflected Cross-Site Scripting (XSS) in the support endpoint. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ngeniusone
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-35199 MEDIUM This Month

NETSCOUT nGeniusONE 6.3.0 build 1196 and earlier allows Stored Cross-Site Scripting (XSS) in UploadFile. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ngeniusone
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-35198 MEDIUM This Month

NETSCOUT nGeniusONE 6.3.0 build 1004 and earlier allows Stored Cross-Site Scripting (XSS) in the Packet Analysis module. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ngeniusone
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-35200 MEDIUM This Month

NETSCOUT nGeniusONE 6.3.0 build 1196 allows high-privileged users to achieve Stored Cross-Site Scripting (XSS) in FDSQueryService. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ngeniusone
NVD
CVSS 3.1
4.8
EPSS
0.4%
CVE-2021-35202 MEDIUM This Month

NETSCOUT Systems nGeniusONE 6.3.0 build 1196 allows Authorization Bypass (to access an endpoint) in FDSQueryService. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Ngeniusone
NVD
CVSS 3.1
4.3
EPSS
0.6%
CVE-2021-24017 MEDIUM This Month

An improper authentication in Fortinet FortiManager version 6.4.3 and below, 6.2.6 and below allows attacker to assign arbitrary Policy and Object modules via crafted requests to the request handler. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Fortinet Authentication Bypass Fortimanager
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy