Skip to main content
CVE-2021-3882 MEDIUM POC PATCH This Month

LedgerSMB does not set the 'Secure' attribute on the session authorization cookie when the client uses HTTPS and the LedgerSMB server is behind a reverse proxy. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, no authentication required. Public exploit code available.

Nginx Apache Information Disclosure Ledgersmb
NVD GitHub
CVSS 3.1
6.8
EPSS
0.9%
CVE-2020-19964 MEDIUM POC This Month

A Cross Site Request Forgery (CSRF) vulnerability was discovered in PHPMyWind 5.6 which allows attackers to create a new administrator account without authentication. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF Phpmywind
NVD GitHub VulDB
CVSS 3.1
6.5
EPSS
0.6%
CVE-2021-42227 MEDIUM POC This Month

Cross SIte Scripting (XSS) vulnerability exists in KindEditor 4.1.x via a Google search inurl:/examples/uploadbutton.html and then the .html file on the website that uses this editor (the file suffix. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google XSS Kindeditor
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-22963 MEDIUM POC PATCH This Month

A redirect vulnerability in the fastify-static module version < 4.2.4 allows remote attackers to redirect users to arbitrary websites via a double slash // followed by a domain:. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Google Open Redirect Fastify Static
NVD
CVSS 3.1
6.1
EPSS
1.1%
CVE-2021-38344 MEDIUM POC This Month

The Brizy Page Builder plugin <= 2.3.11 for WordPress was vulnerable to stored XSS by lower-privileged users such as a subscribers. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Brizy Page Builder
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-38345 MEDIUM This Month

The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Brizy Page Builder
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-33178 MEDIUM This Month

The Manage Backgrounds functionality within NagVis versions prior to 1.9.29 is vulnerable to an authenticated path traversal vulnerability. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Nagvis
NVD
CVSS 3.1
6.5
EPSS
1.8%
CVE-2021-32569 MEDIUM This Month

In OSS-RC systems of the release 18B and older customer documentation browsing libraries under ALEX are subject to Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Ericsson XSS Operations Support System Radio And Core Firmware
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-41132 MEDIUM PATCH This Month

OMERO.web provides a web based client and plugin infrastructure. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

XSS Omero Figure Omero Web
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-33179 MEDIUM This Month

The general user interface in Nagios XI versions prior to 5.8.4 is vulnerable to authenticated reflected cross-site scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Nagios Xi
NVD
CVSS 3.1
6.1
EPSS
4.3%
CVE-2021-36387 MEDIUM This Month

In Yellowfin before 9.6.1 there is a Stored Cross-Site Scripting vulnerability in the video embed functionality exploitable through a specially crafted HTTP POST request to the page. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Yellowfin
NVD GitHub
CVSS 3.1
5.4
EPSS
1.4%
CVE-2021-41142 MEDIUM PATCH This Month

Tuleap Open ALM is a libre and open source tool for end to end traceability of application and system developments. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Tuleap
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-32571 MEDIUM This Month

In OSS-RC systems of the release 18B and older during data migration procedures certain files containing usernames and passwords are left in the system undeleted but in folders accessible by top. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Ericsson Information Disclosure Operations Support System Radio And Core Firmware
NVD
CVSS 3.1
4.9
EPSS
0.8%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy