Skip to main content
CVE-2021-45473 MEDIUM POC This Month

In MediaWiki through 1.37, Wikibase item descriptions allow XSS, which is triggered upon a visit to an action=info URL (aka a page-information sidebar). Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.2%
CVE-2021-3977 MEDIUM POC PATCH This Month

invoiceninja is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Invoice Ninja
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2021-4072 MEDIUM POC PATCH This Month

elgg is vulnerable to Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'). Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Elgg
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2021-20876 MEDIUM This Month

Path traversal vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows an attacker with an. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Path Traversal Groupsession
NVD
CVSS 3.1
6.8
EPSS
1.0%
CVE-2021-20875 MEDIUM This Month

Open redirect vulnerability in GroupSession Free edition ver5.1.1 and earlier, GroupSession byCloud ver5.1.1 and earlier, and GroupSession ZION ver5.1.1 and earlier allows a remote unauthenticated. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Open Redirect Groupsession
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2021-45474 MEDIUM This Month

In MediaWiki through 1.37, the Special:ImportFile URI (aka FileImporter) allows XSS, as demonstrated by the clientUrl parameter. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-45472 MEDIUM This Month

In MediaWiki through 1.37, XSS can occur in Wikibase because an external identifier property can have a URL format that includes a $1 formatter substitution marker, and the javascript: URL scheme. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Mediawiki Fedora
NVD
CVSS 3.1
6.1
EPSS
1.0%
CVE-2021-45480 MEDIUM PATCH This Month

An issue was discovered in the Linux kernel before 5.15.11. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. This Memory Leak vulnerability could allow attackers to exhaust available memory leading to denial of service.

Linux Information Disclosure Linux Kernel Debian Linux
NVD GitHub
CVSS 3.1
5.5
EPSS
0.4%
CVE-2021-45471 MEDIUM This Month

In MediaWiki through 1.37, blocked IP addresses are allowed to edit EntitySchema items. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Mediawiki Fedora
NVD
CVSS 3.1
5.3
EPSS
1.2%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy