| 194701 | 7.2 | HIGH Network | taogogo | taocms | Taocms v2.5Beta5 was discovered to contain a blind SQL injection vulnerability via the function Article Search. | CWE-89 SQL Injection | CVE-2021-25783 | 2024-11-21 14:55 | 2021-12-3 |
| 194702 | 5.4 | MEDIUM Network | okfn | ckan | In CKAN, versions 2.9.0 to 2.9.3 are affected by a stored XSS vulnerability via SVG file upload of users’ profile picture. This allows low privileged application users to store malicious scripts in t… | CWE-79 Cross-site Scripting | CVE-2021-25967 | 2024-11-21 14:55 | 2021-12-1 |
| 194703 | 4.6 | MEDIUM Local | hexo | hexo | Hexo versions 0.0.1 to 5.4.0 are vulnerable against stored XSS. The post “body” and “tags” don’t sanitize malicious javascript during web page generation. Local unprivileged attacker can inject arbit… | CWE-79 Cross-site Scripting | CVE-2021-25987 | 2024-11-21 14:55 | 2021-11-30 |
| 194704 | 5.4 | MEDIUM Network | django-wiki_project | django-wiki | In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in Notifications Section. An attacker who has access to edit pages can inject JavaScript payload in the ti… | CWE-79 Cross-site Scripting | CVE-2021-25986 | 2024-11-21 14:55 | 2021-11-24 |
| 194705 | 5.5 | MEDIUM Local | philips | mri_3t_firmware mri_1.5t_firmware | Philips MRI 1.5T and MRI 3T Version 5.x.x assigns an owner who is outside the intended control sphere to a resource. | - | CVE-2021-26248 | 2024-11-21 14:55 | 2021-11-20 |
| 194706 | 9.8 | CRITICAL Network | darwin | factor | In Factor (App Framework & Headless CMS) v1.0.4 to v1.8.30, improperly invalidate a user’s session even after the user logs out of the application. In addition, user sessions are stored in the browse… | CWE-613 Insufficient Session Expiration | CVE-2021-25985 | 2024-11-21 14:55 | 2021-11-16 |
| 194707 | 6.1 | MEDIUM Network | darwin | factor | In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting (XSS) at the “post reply” section. An unauthenticated attacker can exe… | CWE-79 Cross-site Scripting | CVE-2021-25984 | 2024-11-21 14:55 | 2021-11-16 |
| 194708 | 6.1 | MEDIUM Network | darwin | factor | In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “tags” and “category” parameters in the URL. An unauth… | CWE-79 Cross-site Scripting | CVE-2021-25983 | 2024-11-21 14:55 | 2021-11-16 |
| 194709 | 6.1 | MEDIUM Network | darwin | factor | In Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “search” parameter in the URL. An unauthenticated attack… | CWE-79 Cross-site Scripting | CVE-2021-25982 | 2024-11-21 14:55 | 2021-11-16 |
| 194710 | 8.8 | HIGH Network | janeczku | calibre-web | In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin pri… | CWE-352 Origin Validation Error | CVE-2021-25965 | 2024-11-21 14:55 | 2021-11-16 |