Skip to main content
CVE-2021-44471 MEDIUM This Month

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “name” of the script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Diaenergie
NVD
CVSS 3.1
6.1
EPSS
0.7%
CVE-2021-36885 MEDIUM This Month

Unauthenticated Stored Cross-Site Scripting (XSS) vulnerability discovered in Contact Form 7 Database Addon - CFDB7 WordPress plugin (versions <= 1.2.6.1). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress XSS Contact Form 7 Database Addon
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-31558 MEDIUM This Month

DIAEnergie Version 1.7.5 and prior is vulnerable to stored cross-site scripting when an unauthenticated user injects arbitrary code into the parameter “descr” of the script. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE XSS Diaenergie
NVD
CVSS 3.1
6.1
EPSS
10.6%
CVE-2021-23228 MEDIUM This Month

DIAEnergie Version 1.7.5 and prior is vulnerable to a reflected cross-site scripting attack through error pages that are returned by “.NET Request.QueryString”. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Diaenergie
NVD
CVSS 3.1
6.1
EPSS
0.6%
CVE-2021-44030 MEDIUM This Month

Quest KACE Desktop Authority before 11.2 allows XSS because it does not prevent untrusted HTML from reaching the jQuery.htmlPrefilter method of jQuery. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Kace Desktop Authority
NVD
CVSS 3.1
6.1
EPSS
4.2%
CVE-2021-45257 MEDIUM This Month

An infinite loop vulnerability exists in nasm 2.16rc0 via the gpaste_tokens function. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Netwide Assembler
NVD
CVSS 3.1
5.5
EPSS
0.7%
CVE-2021-45256 MEDIUM This Month

A Null Pointer Dereference vulnerability existfs in nasm 2.16rc0 via asm/preproc.c. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Netwide Assembler
NVD
CVSS 3.1
5.5
EPSS
0.6%
CVE-2021-40836 MEDIUM This Month

A vulnerability affecting F-Secure antivirus engine was discovered whereby scanning MS outlook .pst files can lead to denial-of-service. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Microsoft Information Disclosure Atlant Internet Gatekeeper Linux Security +3
NVD
CVSS 3.1
5.5
EPSS
0.5%
CVE-2021-44028 MEDIUM This Month

XXE can occur in Quest KACE Desktop Authority before 11.2 because the log4net configuration file might be controlled by an attacker, a related issue to CVE-2018-1285. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Kace Desktop Authority
NVD
CVSS 3.1
5.5
EPSS
3.0%
CVE-2021-43853 MEDIUM PATCH This Month

Ajax.NET Professional (AjaxPro) is an AJAX framework available for Microsoft ASP.NET. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

Microsoft XSS Ajax Net Professional
NVD GitHub
CVSS 3.1
5.4
EPSS
0.8%
Prev Page 3 of 3

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy