Skip to main content
CVE-2020-21228 MEDIUM POC This Month

JIZHICMS 1.5.1 contains a cross-site scripting (XSS) vulnerability in the component /user/release.html, which allows attackers to arbitrarily add an administrator cookie. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Jizhicms
NVD GitHub VulDB
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-41467 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in application/controllers/dropbox.php in JustWriting 1.0.0 and below allow remote attackers to inject arbitrary web script or HTML via the challenge. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Justwriting
NVD GitHub
CVSS 3.1
6.1
EPSS
3.5%
CVE-2021-41465 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in concrete/elements/collection_theme.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Concrete5 Legacy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-41464 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the rel. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Concrete5 Legacy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-41463 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in toos/permissions/dialogs/access/entity/types/group_combination.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Concrete5 Legacy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-41462 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the ctID. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Concrete5 Legacy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-41461 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in concrete/elements/collection_add.php in concrete5-legacy 5.6.4.0 and below allows remote attackers to inject arbitrary web script or HTML via the mode. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Concrete5 Legacy
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-40975 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in application/modules/admin/views/ecommerce/products.php in Ecommerce-CodeIgniter-Bootstrap (Codeigniter 3.1.11, Bootstrap 3.3.7) allows remote attackers to. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Ecommerce Codeigniter Bootstrap
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-40973 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the lastname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Spotweb
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2021-40972 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the mail parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Spotweb
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2021-40971 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword1. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Spotweb
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2021-40970 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the username parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Spotweb
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2021-40969 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the firstname parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Spotweb
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2021-40968 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in templates/installer/step-004.inc.php in spotweb 1.5.1 and below allow remote attackers to inject arbitrary web script or HTML via the newpassword2. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Spotweb
NVD GitHub
CVSS 3.1
6.1
EPSS
2.2%
CVE-2021-40927 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in callback.php in Spotify-for-Alfred 0.13.9 and below allows remote attackers to inject arbitrary web script or HTML via the error parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Alfred Spotify Mini Player
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-40926 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in demos/demo.mysqli.php in getID3 1.X and v2.0.0-beta allows remote attackers to inject arbitrary web script or HTML via the showtagfiles parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Getid3
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-40925 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in dompdf/dompdf/www/demo.php infaveo-helpdesk v1.11.0 and below allow remote attackers to inject arbitrary web script or HTML via the $_SERVER["PHP_SELF"]. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Faveo
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-40924 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the first_name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bugs
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-40923 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the email parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bugs
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-40922 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in install/index.php in bugs 1.8 and below version allows remote attackers to inject arbitrary web script or HTML via the last_name parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Bugs
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-40921 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in _contactform.inc.php in Detector 0.8.5 and below version allows remote attackers to inject arbitrary web script or HTML via the cid parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP XSS Detector
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-3710 MEDIUM POC This Month

An information disclosure via path traversal was discovered in apport/hookutils.py function read_file(). Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Path Traversal Information Disclosure Apport
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-3709 MEDIUM POC This Month

Function check_attachment_for_errors() in file data/general-hooks/ubuntu.py could be tricked into exposing private data via a constructed crash file. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Ubuntu Apport
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-36309 MEDIUM PATCH This Month

Dell Enterprise SONiC OS, versions 3.3.0 and earlier, contains a sensitive information disclosure vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity.

Dell Information Disclosure Enterprise Sonic Os
NVD
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-41845 MEDIUM This Month

A SQL injection issue was discovered in ThycoticCentrify Secret Server before 11.0.000007. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Secret Server
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-40928 MEDIUM This Month

Cross-site scripting (XSS) vulnerability in index.php in FlexTV beta development version allows remote attackers to inject arbitrary web script or HTML via the PHP_SELF parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Flextv
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-29109 MEDIUM PATCH This Month

A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Portal For Arcgis
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-38106 MEDIUM This Month

UAX200.dll in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Presentations 2020
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2021-38105 MEDIUM This Month

IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Presentations 2020
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2021-38102 MEDIUM This Month

IPPP82.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Presentations 2020
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2021-38104 MEDIUM This Month

IPPP72.FLT in Corel Presentations 2020 20.0.0.200 is affected by an Out-of-bounds Read vulnerability when parsing a crafted file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Information Disclosure Presentations 2020
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2021-29110 MEDIUM PATCH This Month

Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Portal For Arcgis
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38675 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Image2PDF. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap XSS Image2Pdf
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-34356 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap XSS Photo Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-34355 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP NAS running Photo Station. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap XSS Photo Station
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-34354 MEDIUM This Month

A cross-site scripting (XSS) vulnerability has been reported to affect QNAP device running Photo Station. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Qnap XSS Photo Station
NVD
CVSS 3.1
5.4
EPSS
0.6%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy