Skip to main content
CVE-2021-43543 MEDIUM This Month

Documents loaded with the CSP sandbox directive could have escaped the sandbox's script restriction by embedding additional content. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-43532 MEDIUM This Month

The 'Copy Image Link' context menu action would copy the final image URL after redirects. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Open Redirect Firefox
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-43530 MEDIUM This Month

A Universal XSS vulnerability was present in Firefox for Android resulting from improper sanitization when processing a URL scanned from a QR code. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Google XSS Mozilla Firefox
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-23860 MEDIUM This Month

An error in a page handler of the VRM may lead to a reflected cross site scripting (XSS) in the web-based interface. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Bosch Video Management System Video Recording Manager
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-36720 MEDIUM This Month

PineApp - Mail Secure - Attacker sending a request to :/blocking.php?url=<script>alert(1)</script> and stealing cookies . Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Mail Secure
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-36188 MEDIUM This Month

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Fortinet Fortiweb
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-25520 MEDIUM This Month

Insecure caller check and input validation vulnerabilities in SearchKeyword deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to execute script codes in Samsung Internet. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Samsung Information Disclosure Internet
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2021-43063 MEDIUM PATCH This Month

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fortinet Fortiweb
NVD
CVSS 3.1
6.1
EPSS
0.9%
CVE-2021-43064 MEDIUM PATCH This Month

A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and 6.4.0, version 6.3.15 and below, version 6.2.6 and below allows attacker to use the device as a proxy and. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Open Redirect Fortinet Fortiweb
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-41015 MEDIUM PATCH This Month

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to execute unauthorized code or. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fortinet Fortiweb
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-31850 MEDIUM This Month

A denial-of-service vulnerability in Database Security (DBS) prior to 4.8.4 allows a remote authenticated administrator to trigger a denial-of-service attack against the DBS server. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Microsoft Path Traversal Information Disclosure Database Security
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-44726 MEDIUM This Month

KNIME Server before 4.13.4 allows XSS via the old WebPortal login page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Knime Server
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-3370 MEDIUM This Month

DouPHP v1.6 was discovered to contain a cross-site scripting (XSS) vulnerability via /admin/cloud.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

PHP XSS Douphp
NVD GitHub
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-25526 MEDIUM This Month

Intent redirection vulnerability in Samsung Blockchain Wallet prior to version 1.3.02.8 allows attacker to execute privileged action. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Blockchain Wallet
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-36191 MEDIUM PATCH This Month

A url redirection to untrusted site ('open redirect') in Fortinet FortiWeb version 6.4.1 and below, 6.3.15 and below allows attacker to use the device as proxy via crafted GET parameters in requests. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity.

Open Redirect Fortinet Fortiweb
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-42752 MEDIUM PATCH This Month

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to execute malicious javascript code on victim's. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fortinet Fortiwlm
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41029 MEDIUM PATCH This Month

A improper neutralization of input during web page generation ('cross-site scripting') in Fortinet FortiWLM version 8.6.1 and below allows attacker to store malicious javascript code in the device. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Fortinet Fortiwlm
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-41013 MEDIUM PATCH This Month

An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Incorrect Authorization vulnerability could allow attackers to bypass authorization checks to access restricted resources.

Fortinet Authentication Bypass Fortiweb
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-37093 MEDIUM This Month

There is a Improper Access Control vulnerability in Huawei Smartphone.Successful exploitation of this vulnerability may lead to attackers steal short messages. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Huawei Information Disclosure Harmonyos Emui Magic Ui
NVD
CVSS 3.1
5.3
EPSS
0.5%
CVE-2021-32591 MEDIUM PATCH This Month

A missing cryptographic steps vulnerability in the function that encrypts users' LDAP and RADIUS credentials in FortiSandbox before 4.0.1, FortiWeb before 6.3.12, FortiADC before 6.2.1, FortiMail. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable.

Fortinet Information Disclosure Fortiadc Fortimail Fortisandbox +1
NVD
CVSS 3.1
5.3
EPSS
0.9%
CVE-2021-41309 MEDIUM This Month

Affected versions of Atlassian Jira Server and Data Center allow a user who has had their Jira Service Management access revoked to export audit logs of another user's Jira Service Management project. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Atlassian Authentication Bypass Jira Software Data Center
NVD
CVSS 3.1
5.3
EPSS
0.8%
CVE-2021-43546 MEDIUM This Month

It was possible to recreate previous cursor spoofing attacks against users with a zoomed native cursor. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
4.3
EPSS
1.4%
CVE-2021-43538 MEDIUM This Month

By misusing a race in our notification code, an attacker could have forcefully hidden the notification for pages that had received full screen and pointer lock access, which could have been used for. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Race Condition Firefox Firefox Esr +2
NVD
CVSS 3.1
4.3
EPSS
1.2%
CVE-2021-43533 MEDIUM This Month

When parsing internationalized domain names, high bits of the characters in the URLs were sometimes stripped, resulting in inconsistencies that could lead to user confusion or attacks such as. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.3
EPSS
0.5%
CVE-2021-43531 MEDIUM This Month

When a user loaded a Web Extensions context menu, the Web Extension could access the post-redirect URL of the element clicked. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla Information Disclosure Firefox
NVD
CVSS 3.1
4.3
EPSS
0.3%
CVE-2021-38509 MEDIUM This Month

Due to an unusual sequence of attacker-controlled events, a Javascript alert() dialog with arbitrary (although unstyled) contents could be displayed over top an uncontrolled webpage of the attacker's. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
4.3
EPSS
1.6%
CVE-2021-38508 MEDIUM This Month

By displaying a form validity message in the correct location at the same time as a permission prompt (such as for geolocation), the validity message could have obscured the prompt, resulting in the. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2021-38506 MEDIUM This Month

Through a series of navigations, Firefox could have entered fullscreen mode without notification or warning to the user. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Mozilla XSS Firefox Firefox Esr Thunderbird +1
NVD
CVSS 3.1
4.3
EPSS
1.5%
CVE-2021-25527 LOW Monitor

Improper export of Android application components vulnerability in Samsung Pay (India only) prior to version 4.1.77 allows attacker to access Bill Pay and Recharge menu without authentication. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Google Samsung Information Disclosure Pay
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25524 LOW Monitor

Insecure storage of device information in Contacts prior to version 12.7.05.24 allows attacker to get Samsung Account ID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Contacts
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25523 LOW Monitor

Insecure storage of device information in Samsung Dialer prior to version 12.7.05.24 allows attacker to get Samsung Account ID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Information Disclosure Dialer
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25522 LOW Monitor

Insecure storage of sensitive information vulnerability in Smart Capture prior to version 4.8.02.10 allows attacker to access victim's captured images without permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Smart Capture
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25521 LOW Monitor

Insecure caller check in sharevia deeplink logic prior to Samsung Internet 16.0.2 allows unstrusted applications to get current tab URL in Samsung Internet. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Samsung Authentication Bypass Internet
NVD
CVSS 3.1
3.3
EPSS
0.2%
CVE-2021-25519 LOW Monitor

An improper access control vulnerability in CPLC prior to SMR Dec-2021 Release 1 allows local attackers to access CPLC information without permission. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Information Disclosure Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-25515 LOW Monitor

An improper usage of implicit intent in SemRewardManager prior to SMR Dec-2021 Release 1 allows attackers to access BSSID. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Android
NVD
CVSS 3.1
3.3
EPSS
0.1%
CVE-2021-25513 LOW Monitor

An improper privilege management vulnerability in Apps Edge application prior to SMR Dec-2021 Release 1 allows unauthorized access to some device data on the lockscreen. Rated low severity (CVSS 2.4), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Android
NVD
CVSS 3.1
2.4
EPSS
0.1%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy