| 194871 | 2.7 LOW | Network | arangodb | arangodb | In ArangoDB, versions v3.7.0 through v3.9.0-alpha.1 have a feature which allows downloading a Foxx service from a publicly available URL. This feature does not enforce proper filtering of requests pe… | CWE-918 Server-Side Request Forgery (SSRF) | CVE-2021-25939 | 2024-11-21 14:55 | 2022-02-9 |
| 194872 | 6.1 MEDIUM | Network | cacti | cacti | As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL paramete… | CWE-79 Cross-site Scripting | CVE-2021-26247 | 2024-11-21 14:55 | 2022-01-20 |
| 194873 | 3.0 LOW | Network | kubernetes | kubernetes | kubectl does not neutralize escape, meta or control sequences contained in the raw data it outputs to a terminal. This includes but is not limited to the unstructured string fields in objects such as… | NVD-CWE-Other | CVE-2021-25743 | 2024-11-21 14:55 | 2022-01-7 |
| 194874 | 8.8 HIGH | Network | userfrosting | userfrosting | In Userfrosting, versions v0.3.1 to v4.6.2 are vulnerable to Host Header Injection. By luring a victim application user to click on a link, an unauthenticated attacker can use the “forgot password” f… | CWE-74 Injection | CVE-2021-25994 | 2024-11-21 14:55 | 2022-01-3 |
| 194875 | 9.8 CRITICAL | Network | talkyard | talkyard | In Talkyard, regular versions v0.2021.20 through v0.2021.33 and dev versions v0.2021.20 through v0.2021.34, are vulnerable to Insufficient Session Expiration. This may allow an attacker to reuse the … | CWE-613 Insufficient Session Expiration | CVE-2021-25981 | 2024-11-21 14:55 | 2022-01-3 |
| 194876 | 5.4 MEDIUM | Network | requarks | wiki.js | In Requarks wiki.js, versions 2.0.0-beta.147 to 2.5.255 are affected by Stored XSS vulnerability, where a low privileged (editor) user can upload a SVG file that contains malicious JavaScript while u… | CWE-79 Cross-site Scripting | CVE-2021-25993 | 2024-11-21 14:55 | 2021-12-30 |
| 194877 | 7.3 HIGH | Network | if-me | ifme | In Ifme, versions v5.0.0 to v7.32 are vulnerable against an improper access control, which makes it possible for admins to ban themselves leading to their deactivation from Ifme account and complete … | NVD-CWE-Other | CVE-2021-25991 | 2024-11-21 14:55 | 2021-12-29 |
| 194878 | 5.4 MEDIUM | Network | if-me | ifme | In “ifme”, versions v7.22.0 to v7.31.4 are vulnerable against self-stored XSS in the contacts field as it allows loading XSS payloads fetched via an iframe. | CWE-79 Cross-site Scripting | CVE-2021-25990 | 2024-11-21 14:55 | 2021-12-29 |
| 194879 | 5.4 MEDIUM | Network | if-me | ifme | In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability in the markdown editor. It can be exploited by making a victim a Leader of a group which triggers the payload for … | CWE-79 Cross-site Scripting | CVE-2021-25989 | 2024-11-21 14:55 | 2021-12-29 |
| 194880 | 5.4 MEDIUM | Network | if-me | ifme | In “ifme”, versions 1.0.0 to v7.31.4 are vulnerable against stored XSS vulnerability (notifications section) which can be directly triggered by sending an ally request to the admin. | CWE-79 Cross-site Scripting | CVE-2021-25988 | 2024-11-21 14:55 | 2021-12-29 |