| 196331 | 6.1 | MEDIUM Network | darwin | factor | In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.3 to v1.8.30, are vulnerable to stored Cross-Site Scripting (XSS) at the “post reply” section. An unauthenticated attacker can exe… | CWE-79 Cross-site Scripting | CVE-2021-25984 | 2024-11-21 14:55 | 2021-11-16 |
| 196332 | 6.1 | MEDIUM Network | darwin | factor | In Factor (App Framework & Headless CMS) forum plugin, versions v1.3.8 to v1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “tags” and “category” parameters in the URL. An unauth… | CWE-79 Cross-site Scripting | CVE-2021-25983 | 2024-11-21 14:55 | 2021-11-16 |
| 196333 | 6.1 | MEDIUM Network | darwin | factor | In Factor (App Framework & Headless CMS) forum plugin, versions 1.3.5 to 1.8.30, are vulnerable to reflected Cross-Site Scripting (XSS) at the “search” parameter in the URL. An unauthenticated attack… | CWE-79 Cross-site Scripting | CVE-2021-25982 | 2024-11-21 14:55 | 2021-11-16 |
| 196334 | 8.8 | HIGH Network | janeczku | calibre-web | In Calibre-web, versions 0.6.0 to 0.6.13 are vulnerable to Cross-Site Request Forgery (CSRF). By luring an authenticated user to click on a link, an attacker can create a new user role with admin pri… | CWE-352 Origin Validation Error | CVE-2021-25965 | 2024-11-21 14:55 | 2021-11-16 |
| 196335 | 8.0 | HIGH Network | arangodb | arangodb | In ArangoDB, versions v3.7.6 through v3.8.3 are vulnerable to Insufficient Session Expiration. When a user’s password is changed by the administrator, the session isn’t invalidated, allowing a malici… | CWE-613 Insufficient Session Expiration | CVE-2021-25940 | 2024-11-21 14:55 | 2021-11-16 |
| 196336 | 8.1 | HIGH Network | dotnetfoundation | piranha_cms | In PiranhaCMS, versions 4.0.0-alpha1 to 9.2.0 are vulnerable to cross-site request forgery (CSRF) when performing various actions supported by the management system, such as deleting a user, deleting… | CWE-352 Origin Validation Error | CVE-2021-25976 | 2024-11-21 14:55 | 2021-11-16 |
| 196337 | 8.8 | HIGH Network | talkyard | talkyard | In Talkyard, versions v0.04.01 through v0.6.74-WIP-63220cb, v0.2020.22-WIP-b2e97fe0e through v0.2021.02-WIP-879ef3fe1 and tyse-v0.2021.02-879ef3fe1-regular through tyse-v0.2021.28-af66b6905-regular, … | CWE-74 Injection | CVE-2021-25980 | 2024-11-21 14:55 | 2021-11-11 |
| 196338 | 5.4 | MEDIUM Network | publify_project | publify | In publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS as a result of an unrestricted file upload. This issue allows a user with “publisher” role to inject malicious JavaScript via the uplo… | CWE-79 Cross-site Scripting | CVE-2021-25975 | 2024-11-21 14:55 | 2021-11-10 |
| 196339 | 5.4 | MEDIUM Network | publify_project | publify | In Publify, versions v8.0 to v9.2.4 are vulnerable to stored XSS. A user with a “publisher” role is able to inject and execute arbitrary JavaScript code while creating a page/article. | CWE-79 Cross-site Scripting | CVE-2021-25974 | 2024-11-21 14:55 | 2021-11-10 |
| 196340 | 9.8 | CRITICAL Network | apostrophecms | apostrophecms | Apostrophe CMS versions prior to 3.3.1 did not invalidate existing login sessions when disabling a user account or changing the password, creating a situation in which a device compromised by a third… | - | CVE-2021-25979 | 2024-11-21 14:55 | 2021-11-9 |