Skip to main content
CVE-2021-35323 MEDIUM POC This Month

Cross Site Scripting (XSS) vulnerability exists in bludit 3-13-1 via the username in admin/login. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Bludit
NVD GitHub Exploit-DB
CVSS 3.1
6.1
EPSS
5.6%
CVE-2021-33988 MEDIUM POC PATCH This Month

Cross Site Scripting (XSS). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Microweber
NVD GitHub
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-3863 MEDIUM POC PATCH This Month

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

XSS Snipe It
NVD GitHub
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-3879 MEDIUM POC PATCH This Month

snipe-it is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Snipe It
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-3851 MEDIUM POC PATCH This Month

firefly-iii is vulnerable to URL Redirection to Untrusted Site. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Open Redirect Firefly Iii
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-31352 MEDIUM POC This Month

An Information Exposure vulnerability in Juniper Networks SRC Series devices configured for NETCONF over SSH permits the negotiation of weak ciphers, which could allow a remote attacker to obtain. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Juniper Session And Resource Control
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-39355 MEDIUM POC This Month

The Indeed Job Importer WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Indeed Job Importer
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2021-39343 MEDIUM POC This Month

The MPL-Publisher WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Mpl Publisher
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2021-39329 MEDIUM POC This Month

The JobBoardWP WordPress plugin is vulnerable to Stored Cross-Site Scripting due to insufficient input validation and sanitization via several parameters found in the. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS PHP Jobboardwp
NVD GitHub
CVSS 3.1
4.8
EPSS
1.0%
CVE-2021-41150 MEDIUM PATCH This Month

Tough provides a set of Rust libraries and tools for using and generating the update framework (TUF) repositories. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal Tough
NVD GitHub
CVSS 3.1
6.5
EPSS
1.2%
CVE-2021-31370 MEDIUM PATCH This Month

An Incomplete List of Disallowed Inputs vulnerability in Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on QFX5000 Series and EX4600 Series allows an adjacent unauthenticated attacker. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-31367 MEDIUM PATCH This Month

A Missing Release of Memory after Effective Lifetime vulnerability in the Packet Forwarding Engine (PFE) of Juniper Networks Junos OS on PTX Series allows an adjacent attacker to cause a Denial of. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-31366 MEDIUM PATCH This Month

An Unchecked Return Value vulnerability in the authd (authentication daemon) of Juniper Networks Junos OS on MX Series configured for subscriber management / BBE allows an adjacent attacker to cause. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-31365 MEDIUM This Month

An Uncontrolled Resource Consumption vulnerability in Juniper Networks Junos OS on EX2300, EX3400 and EX4300 Series platforms allows an adjacent attacker sending a stream of layer 2 frames will. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-31363 MEDIUM PATCH This Month

In an MPLS P2MP environment a Loop with Unreachable Exit Condition vulnerability in the routing protocol daemon (RPD) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-31362 MEDIUM This Month

A Protection Mechanism Failure vulnerability in RPD (routing protocol daemon) of Juniper Networks Junos OS and Junos OS Evolved allows an adjacent unauthenticated attacker to cause established IS-IS. Rated medium severity (CVSS 6.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.4%
CVE-2021-0297 MEDIUM This Month

A vulnerability in the processing of TCP MD5 authentication in Juniper Networks Junos OS Evolved may allow a BGP or LDP session configured with MD5 authentication to succeed, even if the peer does. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos Os Evolved
NVD
CVSS 3.1
6.5
EPSS
0.7%
CVE-2021-3746 MEDIUM PATCH This Month

A flaw was found in the libtpms code that may cause access beyond the boundary of internal buffers. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Buffer Overflow vulnerability could allow attackers to corrupt memory to execute arbitrary code or crash the application.

Buffer Overflow Libtpms Fedora Enterprise Linux
NVD
CVSS 3.1
6.5
EPSS
0.9%
CVE-2021-20836 MEDIUM PATCH This Month

Out-of-bounds read vulnerability in CX-Supervisor v4.0.0.13 and v4.0.0.16 allows an attacker with administrative privileges to cause information disclosure and/or arbitrary code execution by opening. Rated medium severity (CVSS 6.5), this vulnerability is low attack complexity.

Buffer Overflow RCE Information Disclosure Cx Supervisor
NVD
CVSS 3.1
6.5
EPSS
0.8%
CVE-2021-26589 MEDIUM This Month

A potential security vulnerability has been identified in HPE Superdome Flex Servers. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Superdome Flex Firmware Superdome Flex 280 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-38466 MEDIUM This Month

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 do not perform sufficient input validation on client requests from the help page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ir615 Firmware
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-31386 MEDIUM This Month

A Protection Mechanism Failure vulnerability in the J-Web HTTP service of Juniper Networks Junos OS allows a remote unauthenticated attacker to perform Person-in-the-Middle (PitM) attacks against the. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.1
5.9
EPSS
0.7%
CVE-2021-31364 MEDIUM PATCH This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability combined with a Race Condition in the flow daemon (flowd) of Juniper Networks Junos OS on SRX300 Series, SRX500 Series, SRX1500,. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Race Condition Juniper Junos
NVD
CVSS 3.1
5.9
EPSS
0.6%
CVE-2021-31377 MEDIUM This Month

An Incorrect Permission Assignment for Critical Resource vulnerability of a certain file in the filesystem of Junos OS allows a local authenticated attacker to cause routing process daemon (RPD) to. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-27001 MEDIUM This Month

Clustered Data ONTAP versions 9.x prior to 9.5P18, 9.6P16, 9.7P16, 9.8P7 and 9.9.1P2 are susceptible to a vulnerability which could allow an authenticated privileged local attacker to arbitrarily. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Clustered Data Ontap
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-30850 MEDIUM This Month

An access issue was addressed with improved access restrictions. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X macOS Tvos
NVD
CVSS 3.1
5.5
EPSS
0.9%
CVE-2021-30845 MEDIUM This Month

An out-of-bounds read was addressed with improved bounds checking. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure macOS
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-30828 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Mac Os X macOS
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-30819 MEDIUM This Month

An out-of-bounds read was addressed with improved input validation. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Apple Information Disclosure Ipados Iphone Os +1
NVD
CVSS 3.1
5.5
EPSS
0.8%
CVE-2021-30811 MEDIUM This Month

This issue was addressed with improved checks. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Apple Information Disclosure Ipados Iphone Os Mac Os X +2
NVD
CVSS 3.1
5.5
EPSS
0.3%
CVE-2021-31373 MEDIUM This Month

A persistent Cross-Site Scripting (XSS) vulnerability in Juniper Networks Junos OS on SRX Series, J-Web interface may allow a remote authenticated user to inject persistent and malicious scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Information Disclosure Juniper Junos
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-31355 MEDIUM PATCH This Month

A persistent cross-site scripting (XSS) vulnerability in the captive portal graphical user interface of Juniper Networks Junos OS may allow a remote authenticated user to inject web script or HTML. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

XSS Information Disclosure Juniper Junos
NVD
CVSS 3.1
5.4
EPSS
0.8%
CVE-2021-29912 MEDIUM PATCH This Month

IBM Security Risk Manager on CP4S 1.7.0.0 is vulnerable to cross-site scripting. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

IBM XSS Security Risk Manager On Cp4S
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-36832 MEDIUM This Month

WordPress Popups, Welcome Bar, Optins and Lead Generation Plugin - Icegram (versions <= 2.0.2) vulnerable at "Headline" (&message_data[16][headline]) input. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress XSS Icegram Engage
NVD
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-25968 MEDIUM PATCH This Month

In “OpenCMS”, versions 10.5.0 to 11.0.2 are affected by a stored XSS vulnerability that allows low privileged application users to store malicious scripts in the Sitemap functionality. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Opencms
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-31380 MEDIUM PATCH This Month

A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Information Disclosure Juniper Session And Resource Control
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2021-31375 MEDIUM This Month

An Improper Input Validation vulnerability in routing process daemon (RPD) of Juniper Networks Junos OS devices configured with BGP origin validation using Resource Public Key Infrastructure (RPKI),. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-31371 MEDIUM This Month

Juniper Networks Junos OS uses the 128.0.0.0/2 subnet for internal communications between the RE and PFEs. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-31369 MEDIUM This Month

On MX Series platforms with MS-MPC/MS-MIC, an Allocation of Resources Without Limits or Throttling vulnerability in Juniper Networks Junos OS allows an unauthenticated network attacker to cause a. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-31361 MEDIUM PATCH This Month

An Improper Check for Unusual or Exceptional Conditions vulnerability combined with Improper Handling of Exceptional Conditions in Juniper Networks Junos OS on QFX Series and PTX Series allows an. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Denial Of Service Juniper Junos
NVD
CVSS 3.1
5.3
EPSS
1.0%
CVE-2021-41140 MEDIUM PATCH This Month

Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Resource to Wrong Sphere vulnerability could allow attackers to access resources from an unintended security context.

Information Disclosure Discourse Reactions
NVD GitHub
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-38476 MEDIUM This Month

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 authentication process response indicates and validates the existence of a username. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Ir615 Firmware
NVD
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-38911 MEDIUM PATCH This Month

IBM Security Risk Manager on CP4S 1.7.0.0 stores user credentials in plain clear text which can be read by a an authenticatedl privileged user. Rated medium severity (CVSS 4.9), this vulnerability is remotely exploitable, low attack complexity.

IBM Information Disclosure Security Risk Manager On Cp4S
NVD
CVSS 3.1
4.9
EPSS
0.5%
CVE-2021-32664 MEDIUM PATCH This Month

Combodo iTop is an open source web based IT Service Management tool. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Itop
NVD GitHub
CVSS 3.1
4.8
EPSS
0.8%
CVE-2021-38482 MEDIUM This Month

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 website used to control the router is vulnerable to stored cross-site scripting, which may allow an attacker to hijack sessions of. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ir615 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-38468 MEDIUM This Month

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 are vulnerable to stored cross-scripting, which may allow an attacker to hijack sessions of users connected to the system. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Ir615 Firmware
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2021-0298 MEDIUM This Month

A Race Condition in the 'show chassis pic' command in Juniper Networks Junos OS Evolved may allow an attacker to crash the port interface concentrator daemon (picd) process on the FPC, if the command. Rated medium severity (CVSS 4.7). No vendor patch available.

Denial Of Service Race Condition Juniper Junos Os Evolved
NVD
CVSS 3.1
4.7
EPSS
0.2%
CVE-2021-38472 MEDIUM This Month

InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 management portal does not contain an X-FRAME-OPTIONS header, which an attacker may take advantage of by sending a link to an. Rated medium severity (CVSS 4.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Ir615 Firmware
NVD
CVSS 3.1
4.7
EPSS
0.7%
CVE-2021-30810 MEDIUM This Month

An authorization issue was addressed with improved state management. Rated medium severity (CVSS 4.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Apple Authentication Bypass Ipados Iphone Os Tvos +1
NVD
CVSS 3.1
4.3
EPSS
0.5%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy