CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 3 and 3.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
351 CVE-2021-32754 611 2021-07-12 2021-07-15
3.5
None Remote Medium ??? Partial None None
FlowDroid is a data flow analysis tool. FlowDroid versions prior to 2.9.0 contained an XML external entity (XXE) vulnerability that allowed an attacker who had control over the source/sink definition file in XML format to read files from external locations. In order for this to occur, the XML-based format for sources and sinks had to be used and the attacker had to able control the source/sink definition file. The vulnerability was patched in version 2.9.0. As a workaround, do not allow untrusted entities to control the source/sink definition file.
352 CVE-2021-32750 200 +Info 2021-07-15 2021-07-27
3.5
None Remote Medium ??? Partial None None
MuWire is a file publishing and networking tool that protects the identity of its users by using I2P technology. Users of MuWire desktop client prior to version 0.8.8 can be de-anonymized by an attacker who knows their full ID. An attacker could send a message with a subject line containing a URL with an HTML image tag and the MuWire client would try to fetch that image via clearnet, thus exposing the IP address of the user. The problem is fixed in MuWire 0.8.8. As a workaround, users can disable messaging functionality to prevent other users from sending them malicious messages.
353 CVE-2021-32746 22 Dir. Trav. 2021-07-12 2021-07-15
3.5
None Remote Medium ??? Partial None None
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Between versions 2.3.0 and 2.8.2, the `doc` module of Icinga Web 2 allows to view documentation directly in the UI. It must be enabled manually by an administrator and users need explicit access permission to use it. Then, by visiting a certain route, it is possible to gain access to arbitrary files readable by the web-server user. The issue has been fixed in the 2.9.0, 2.8.3, and 2.7.5 releases. As a workaround, an administrator may disable the `doc` module or revoke permission to use it from all users.
354 CVE-2021-32737 79 XSS 2021-07-02 2021-07-09
3.5
None Remote Medium ??? None Partial None
Sulu is an open-source PHP content management system based on the Symfony framework. In versions of Sulu prior to 1.6.41, it is possible for a logged in admin user to add a script injection (cross-site-scripting) in the collection title. The problem is patched in version 1.6.41. As a workaround, one may manually patch the affected JavaScript files in lieu of updating.
355 CVE-2021-32735 79 +Priv XSS 2021-07-02 2021-07-06
3.5
None Remote Medium ??? None Partial None
Kirby is a content management system. In Kirby CMS versions 3.5.5 and 3.5.6, the Panel's `ListItem` component (used in the pages and files section for example) displayed HTML in page titles as it is. This could be used for cross-site scripting (XSS) attacks. Malicious authenticated Panel users can escalate their privileges if they get access to the Panel session of an admin user. Visitors without Panel access can use the attack vector if the site allows changing site data from a frontend form. Kirby 3.5.7 patches the vulnerability. As a partial workaround, site administrators can protect against attacks from visitors without Panel access by validating or sanitizing provided data from the frontend form.
356 CVE-2021-32719 79 Exec Code XSS 2021-06-28 2021-07-02
3.5
None Remote Medium ??? None Partial None
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in the RabbitMQ management UI via the `rabbitmq_federation_management` plugin, its consumer tag was rendered without proper <script> tag sanitization. This potentially allows for JavaScript code execution in the context of the page. The user must be signed in and have elevated permissions (manage federation upstreams and policies) for this to occur. The vulnerability is patched in RabbitMQ 3.8.18. As a workaround, disable the `rabbitmq_federation_management` plugin and use [CLI tools](https://www.rabbitmq.com/cli.html) instead.
357 CVE-2021-32718 79 Exec Code XSS 2021-06-28 2021-12-03
3.5
None Remote Medium ??? None Partial None
RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management UI could lead to the user's bane being rendered in a confirmation message without proper `<script>` tag sanitization, potentially allowing for JavaScript code execution in the context of the page. In order for this to occur, the user must be signed in and have elevated permissions (other user management). The vulnerability is patched in RabbitMQ 3.8.17. As a workaround, disable `rabbitmq_management` plugin and use CLI tools for management operations and Prometheus and Grafana for metrics and monitoring.
358 CVE-2021-32713 79 XSS 2021-06-24 2021-07-01
3.5
None Remote Medium ??? None Partial None
Shopware is an open source eCommerce platform. Versions prior to 5.6.10 suffer from an authenticated stored XSS in administration vulnerability. Users are recommend to update to the version 5.6.10. You can get the update to 5.6.10 regularly via the Auto-Updater or directly via the download overview.
359 CVE-2021-32681 79 XSS 2021-06-17 2021-06-23
3.5
None Remote Medium ??? None Partial None
Wagtail is an open source content management system built on Django. A cross-site scripting vulnerability exists in versions 2.13-2.13.1, versions 2.12-2.12.4, and versions prior to 2.11.8. When the `{% include_block %}` template tag is used to output the value of a plain-text StreamField block (`CharBlock`, `TextBlock` or a similar user-defined block derived from `FieldBlock`), and that block does not specify a template for rendering, the tag output is not properly escaped as HTML. This could allow users to insert arbitrary HTML or scripting. This vulnerability is only exploitable by users with the ability to author StreamField content (i.e. users with 'editor' access to the Wagtail admin). Patched versions have been released as Wagtail 2.11.8 (for the LTS 2.11 branch), Wagtail 2.12.5, and Wagtail 2.13.2 (for the current 2.13 branch). As a workaround, site implementors who are unable to upgrade to a current supported version should audit their use of `{% include_block %}` to ensure it is not used to output `CharBlock` / `TextBlock` values with no associated template. Note that this only applies where `{% include_block %}` is used directly on that block (uses of `include_block` on a block _containing_ a CharBlock / TextBlock, such as a StructBlock, are unaffected). In these cases, the tag can be replaced with Django's `{{ ... }}` syntax - e.g. `{% include_block my_title_block %}` becomes `{{ my_title_block }}`.
360 CVE-2021-32669 79 XSS 2021-07-20 2021-07-29
3.5
None Remote Medium ??? None Partial None
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When settings for _backend layouts_ are not properly encoded, the corresponding grid view is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this vulnerability.
361 CVE-2021-32668 79 XSS 2021-07-20 2021-07-29
3.5
None Remote Medium ??? None Partial None
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When error messages are not properly encoded, the components _QueryGenerator_ and _QueryView_ are vulnerable to both reflected and persistent cross-site scripting. A valid backend user account having administrator privileges is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue.
362 CVE-2021-32667 79 XSS 2021-07-20 2021-07-29
3.5
None Remote Medium ??? None Partial None
TYPO3 is an open source PHP based web content management system. Versions 9.0.0 through 9.5.28, 10.0.0 through 10.4.17, and 11.0.0 through 11.3.0 have a cross-site scripting vulnerability. When _Page TSconfig_ settings are not properly encoded, corresponding page preview module (_Web>View_) is vulnerable to persistent cross-site scripting. A valid backend user account is needed to exploit this vulnerability. TYPO3 versions 9.5.29, 10.4.18, 11.3.1 contain a patch for this issue.
363 CVE-2021-32664 79 XSS 2021-10-19 2021-10-22
3.5
None Remote Medium ??? None Partial None
Combodo iTop is an open source web based IT Service Management tool. In affected versions there is a XSS vulnerability on "run query" page when logged as administrator. This has been resolved in versions 2.6.5 and 2.7.5.
364 CVE-2021-32662 22 Dir. Trav. 2021-06-03 2021-06-21
3.5
None Remote Medium ??? Partial None None
Backstage is an open platform for building developer portals, and techdocs-common contains common functionalities for Backstage's TechDocs. In `@backstage/techdocs-common` versions prior to 0.6.3, a malicious actor could read sensitive files from the environment where TechDocs documentation is built and published by setting a particular path for `docs_dir` in `mkdocs.yml`. These files would then be available over the TechDocs backend API. This vulnerability is mitigated by the fact that an attacker would need access to modify the `mkdocs.yml` in the documentation source code, and would also need access to the TechDocs backend API. The vulnerability is patched in the `0.6.3` release of `@backstage/techdocs-common`.
365 CVE-2021-32659 306 2021-06-16 2021-07-09
3.5
None Remote Medium ??? None Partial None
Matrix-appservice-bridge is the bridging service for the Matrix communication program's application services. In versions 2.6.0 and earlier, if a bridge has room upgrade handling turned on in the configuration (the `roomUpgradeOpts` key when instantiating a new `Bridge` instance.), any `m.room.tombstone` event it encounters will be used to unbridge the current room and bridge into the target room. However, the target room `m.room.create` event is not checked to verify if the `predecessor` field contains the previous room. This means that any malicious admin of a bridged room can repoint the traffic to a different room without the new room being aware. Versions 2.6.1 and greater are patched. As a workaround, disabling the automatic room upgrade handling can be done by removing the `roomUpgradeOpts` key from the `Bridge` class options.
366 CVE-2021-32655 2021-06-01 2021-06-11
3.5
None Remote Medium ??? Partial None None
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the sharing panel and tries to remove the "Create" privileges of this unexpected share, Nextcloud server would silently grant the share read privileges. The vulnerability is patched in versions 19.0.11, 20.0.10 and 21.0.2. No workarounds are known to exist.
367 CVE-2021-32644 79 XSS 2021-06-22 2021-06-29
3.5
None Remote Medium ??? None Partial None
Ampache is an open source web based audio/video streaming application and file manager. Due to a lack of input filtering versions 4.x.y are vulnerable to code injection in random.php. The attack requires user authentication to access the random.php page unless the site is running in demo mode. This issue has been resolved in 4.4.3.
368 CVE-2021-32624 200 Bypass +Info 2021-05-24 2021-05-28
3.5
None Remote Medium ??? Partial None None
Keystone 5 is an open source CMS platform to build Node.js applications. This security advisory relates to a newly discovered capability in our query infrastructure to directly or indirectly expose the values of private fields, bypassing the configured access control. This is an access control related oracle attack in that the attack method guides an attacker during their attempt to reveal information they do not have access to. The complexity of completing the attack is limited by some length-dependent behaviors and the fidelity of the exposed information. Under some circumstances, field values or field value meta data can be determined, despite the field or list having `read` access control configured. If you use private fields or lists, you may be impacted. No patches exist at this time. There are no workarounds at this time
369 CVE-2021-32610 59 2021-07-30 2021-09-25
3.6
None Local Low Not required Partial Partial None
In Archive_Tar before 1.4.14, symlinks can refer to targets outside of the extracted archive, a different vulnerability than CVE-2020-36193.
370 CVE-2021-32609 79 XSS 2021-10-18 2021-10-22
3.5
None Remote Medium ??? None Partial None
Apache Superset up to and including 1.1 does not sanitize titles correctly on the Explore page. This allows an attacker with Explore access to save a chart with a malicious title, injecting html (including scripts) into the page.
371 CVE-2021-32597 79 XSS 2021-08-06 2021-08-13
3.5
None Remote Medium ??? None Partial None
Multiple improper neutralization of input during web page generation (CWE-79) in FortiManager and FortiAnalyzer versions 7.0.0, 6.4.5 and below, 6.2.7 and below user interface, may allow a remote authenticated attacker to perform a Stored Cross Site Scripting attack (XSS) by injecting malicious payload in GET parameters.
372 CVE-2021-32575 2021-06-17 2021-06-22
3.3
None Local Network Low Not required None Partial None
HashiCorp Nomad and Nomad Enterprise up to version 1.0.4 bridge networking mode allows ARP spoofing from other bridged tasks on the same node. Fixed in 0.12.12, 1.0.5, and 1.1.0 RC1.
373 CVE-2021-32573 79 XSS 2021-05-11 2021-05-21
3.5
None Remote Medium ??? None Partial None
** DISPUTED ** The express-cart package through 1.1.10 for Node.js allows Reflected XSS (for an admin) via a user input field for product options. NOTE: the vendor states that this "would rely on an admin hacking his/her own website."
374 CVE-2021-32557 59 2021-06-12 2021-06-23
3.6
None Local Low Not required None Partial Partial
It was discovered that the process_report() function in data/whoopsie-upload-all allowed arbitrary file writes via symlinks.
375 CVE-2021-32544 79 XSS 2021-05-11 2021-05-14
3.5
None Remote Medium ??? None Partial None
Special characters of IGT search function in igt+ are not filtered in specific fields, which allow remote authenticated attackers can inject malicious JavaScript and carry out DOM-based XSS (Cross-site scripting) attacks.
376 CVE-2021-32540 79 XSS 2021-05-28 2021-06-08
3.5
None Remote Medium ??? None Partial None
Add announcement function in the 101EIP system does not filter special characters, which allows authenticated users to inject JavaScript and perform a stored XSS attack.
377 CVE-2021-32539 79 XSS 2021-05-28 2021-06-08
3.5
None Remote Medium ??? None Partial None
Add event in calendar function in the 101EIP system does not filter special characters in specific fields, which allows remote authenticated users to inject JavaScript and perform a stored XSS attack.
378 CVE-2021-32496 326 2021-06-28 2021-07-02
3.5
None Remote Medium ??? Partial None None
SICK Visionary-S CX up version 5.21.2.29154R are vulnerable to an Inadequate Encryption Strength vulnerability concerning the internal SSH interface solely used by SICK for recovering returned devices. The use of weak ciphers make it easier for an attacker to break the security that protects information transmitted from the client to the SSH server, assuming the attacker has access to the network on which the device is connected. This can increase the risk that encryption will be compromised, leading to the exposure of sensitive user information and man-in-the-middle attacks.
379 CVE-2021-32489 190 Overflow 2021-05-10 2021-05-19
3.5
None Remote Medium ??? None None Partial
An issue was discovered in the _send_secure_msg() function of Yubico yubihsm-shell through 2.0.3. The function does not correctly validate the embedded length field of an authenticated message received from the device because response_msg.st.len=8 can be accepted but triggers an integer overflow, which causes CRYPTO_cbc128_decrypt (in OpenSSL) to encounter an undersized buffer and experience a segmentation fault. The yubihsm-shell project is included in the YubiHSM 2 SDK product.
380 CVE-2021-32456 319 2021-05-17 2021-05-25
3.3
None Local Network Low Not required Partial None None
SITEL CAP/PRX firmware version 5.2.01 allows an attacker with access to the local network of the device to obtain the authentication passwords by analysing the network traffic.
381 CVE-2021-32245 79 XSS 2021-06-16 2021-06-23
3.5
None Remote Medium ??? None Partial None
In PageKit v1.0.18, a user can upload SVG files in the file upload portion of the CMS. These SVG files can contain malicious scripts. This file will be uploaded to the system and it will not be stripped or filtered. The user can create a link on the website pointing to "/storage/exp.svg" that will point to http://localhost/pagekit/storage/exp.svg. When a user comes along to click that link, it will trigger a XSS attack.
382 CVE-2021-32244 79 XSS 2021-06-16 2021-06-21
3.5
None Remote Medium ??? None Partial None
Cross Site Scripting (XSS) in Moodle 3.10.3 allows remote attackers to execute arbitrary web script or HTML via the "Description" field.
383 CVE-2021-32106 79 Exec Code XSS 2021-06-08 2021-09-16
3.5
None Remote Medium ??? None Partial None
In ICEcoder 8.0 allows, a reflected XSS vulnerability was identified in the multipe-results.php page due to insufficient sanitization of the _GET['replace'] variable. As a result, arbitrary Javascript code can get executed.
384 CVE-2021-32103 79 XSS 2021-05-07 2021-05-11
3.5
None Remote Medium ??? None Partial None
A Stored XSS vulnerability in interface/usergroup/usergroup_admin.php in OpenEMR before 5.0.2.1 allows a admin authenticated user to inject arbitrary web script or HTML via the lname parameter.
385 CVE-2021-32015 862 +Priv 2021-06-08 2021-06-21
3.6
None Local Low Not required Partial Partial None
In Nuvoton NPCT75x TPM 1.2 firmware 7.4.0.0, a local authenticated malicious user with high privileges could potentially gain unauthorized access to TPM non-volatile memory. NOTE: Upgrading to firmware version 7.4.0.1 will mitigate against the vulnerability, but version 7.4.0.1 is not TCG or Common Criteria (CC) certified. Nuvoton recommends that users apply the NPCT75x TPM 1.2 firmware update.
386 CVE-2021-31989 312 2021-08-25 2021-09-01
3.5
None Remote Medium ??? Partial None None
A user with permission to log on to the machine hosting the AXIS Device Manager client could under certain conditions extract a memory dump from the built-in Windows Task Manager application. The memory dump may potentially contain credentials of connected Axis devices.
387 CVE-2021-31961 269 2021-07-14 2021-09-20
3.6
None Local Low Not required None Partial Partial
Windows InstallService Elevation of Privilege Vulnerability
388 CVE-2021-31908 79 XSS 2021-05-11 2021-05-13
3.5
None Remote Medium ??? None Partial None
In JetBrains TeamCity before 2020.2.3, stored XSS was possible on several pages.
389 CVE-2021-31848 79 XSS 2021-11-01 2021-11-03
3.5
None Remote Medium ??? None Partial None
Cross site scripting (XSS) vulnerability in McAfee Data Loss Prevention (DLP) ePO extension prior to 11.7.100 allows a remote attacker to highjack an active DLP ePO administrator session by convincing the logged in administrator to click on a carefully crafted link in the case management part of the DLP ePO extension.
390 CVE-2021-31836 269 +Priv 2021-09-22 2021-09-29
3.6
None Local Low Not required Partial Partial None
Improper privilege management vulnerability in maconfig for McAfee Agent for Windows prior to 5.7.4 allows a local user to gain access to sensitive information. The utility was able to be run from any location on the file system and by a low privileged user.
391 CVE-2021-31834 79 XSS 2021-10-22 2021-10-25
3.5
None Remote Medium ??? None Partial None
Stored Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 11 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized.
392 CVE-2021-31832 79 Exec Code XSS 2021-06-09 2021-06-22
3.5
None Remote Medium ??? None Partial None
Improper Neutralization of Input in the ePO administrator extension for McAfee Data Loss Prevention (DLP) Endpoint for Windows prior to 11.6.200 allows a remote ePO DLP administrator to inject JavaScript code into the alert configuration text field. This JavaScript will be executed when an end user triggers a DLP policy on their machine.
393 CVE-2021-31830 79 XSS 2021-06-03 2021-06-11
3.5
None Remote Medium ??? None Partial None
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in McAfee Database Security (DBSec) prior to 4.8.2 allows an administrator to embed JavaScript code when configuring the name of a database to be monitored. This would be triggered when any authorized user logs into the DBSec interface and opens the properties configuration page for this database.
394 CVE-2021-31813 79 XSS 2021-07-01 2021-09-21
3.5
None Remote Medium ??? None Partial None
Zoho ManageEngine Applications Manager before 15130 is vulnerable to Stored XSS while importing malicious user details (e.g., a crafted user name) from AD.
395 CVE-2021-31792 79 XSS 2021-04-30 2021-05-03
3.5
None Remote Medium ??? None Partial None
XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field
396 CVE-2021-31712 79 XSS 2021-04-24 2021-09-09
3.5
None Remote Medium ??? None Partial None
react-draft-wysiwyg (aka React Draft Wysiwyg) before 1.14.6 allows a javascript: URi in a Link Target of the link decorator in decorators/Link/index.js when a draft is shared across users, leading to XSS.
397 CVE-2021-31643 79 XSS 2021-06-01 2021-06-08
3.5
None Remote Medium ??? None Partial None
An XSS vulnerability exists in several IoT devices from CHIYU Technology, including SEMAC, Biosense, BF-630, BF-631, and Webpass due to a lack of sanitization on the component if.cgi - username parameter.
398 CVE-2021-31613 2021-09-07 2021-09-09
3.3
None Local Network Low Not required None None Partial
The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle the reception of a truncated LMP packet during the LMP auto rate procedure, allowing attackers in radio range to immediately crash (and restart) a device via a crafted LMP packet.
399 CVE-2021-31611 2021-09-07 2021-09-13
3.3
None Local Network Low Not required None None Partial
The Bluetooth Classic implementation on Zhuhai Jieli AC690X and AC692X devices does not properly handle an out-of-order LMP Setup procedure that is followed by a malformed LMP packet, allowing attackers in radio range to deadlock a device via a crafted LMP packet. The user needs to manually reboot the device to restore communication.
400 CVE-2021-31609 2021-09-07 2021-09-20
3.3
None Local Network Low Not required None None Partial
The Bluetooth Classic implementation in Silicon Labs iWRAP 6.3.0 and earlier does not properly handle the reception of an oversized LMP packet greater than 17 bytes, allowing attackers in radio range to trigger a crash in WT32i via a crafted LMP packet.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.