|
200891
|
7.2 |
HIGH
Network
|
moodle
|
moodle
|
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that it was possible for site administrators to execute arbitrary PHP scripts via a PHP include used during Shibboleth authentica…
|
CWE-829
Inclusion of Functionality from Untrusted Control Sphere
|
CVE-2021-20187
|
2024-11-21 14:46 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200892
|
5.4 |
MEDIUM
Network
|
moodle
|
moodle
|
It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.
|
-
|
CVE-2021-20186
|
2024-11-21 14:46 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200893
|
4.3 |
MEDIUM
Network
|
moodle
|
moodle
|
It was found in Moodle before version 3.10.1, 3.9.4 and 3.8.7 that a insufficient capability checks in some grade related web services meant students were able to view other students grades.
|
-
|
CVE-2021-20184
|
2024-11-21 14:46 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200894
|
5.4 |
MEDIUM
Network
|
moodle
|
moodle
|
It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.
|
-
|
CVE-2021-20183
|
2024-11-21 14:46 |
2021-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200895
|
6.1 |
MEDIUM
Network
|
aterm
|
wg2600hp_firmware
wg2600hp2_firmware
|
Cross-site scripting vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to inject an arbitrary script via unspeci…
|
CWE-79
Cross-site Scripting
|
CVE-2021-20622
|
2024-11-21 14:46 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200896
|
8.8 |
HIGH
Network
|
aterm
|
wg2600hp_firmware
wg2600hp2_firmware
|
Cross-site request forgery (CSRF) vulnerability in Aterm WG2600HP firmware Ver1.0.2 and earlier, and Aterm WG2600HP2 firmware Ver1.0.2 and earlier allows remote attackers to hijack the authentication…
|
CWE-352
Origin Validation Error
|
CVE-2021-20621
|
2024-11-21 14:46 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200897
|
6.1 |
MEDIUM
Network
|
aterm
|
wg2600hp_firmware
|
Cross-site scripting vulnerability in Aterm WF800HP firmware Ver1.0.9 and earlier allows remote attackers to inject an arbitrary script via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2021-20620
|
2024-11-21 14:46 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200898
|
5.4 |
MEDIUM
Network
|
ibm
|
rational_quality_manager
rhapsody_design_manager
rational_engineering_lifecycle_manager
rhapsody_model_manager
engineering_workflow_management
collaborative_lifecycle_management
eng…
|
IBM Jazz Foundation products is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potential…
|
CWE-79
Cross-site Scripting
|
CVE-2021-20357
|
2024-11-21 14:46 |
2021-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200899
|
8.1 |
HIGH
Network
|
fasterxml
netapp
apache
debian
oracle
|
jackson-databind
oncommand_insight
service_level_manager
oncommand_api_services
active_iq_unified_manager
nifi
debian_linux
commerce_guided_search_and_experience_manager
|
A flaw was found in jackson-databind before 2.9.10.7. FasterXML mishandles the interaction between serialization gadgets and typing. The highest threat from this vulnerability is to data confidential…
|
-
|
CVE-2021-20190
|
2024-11-21 14:46 |
2021-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
200900
|
6.1 |
MEDIUM
Network
|
weseek
|
growi
|
Cross-site scripting vulnerability in GROWI (v4.2 Series) versions prior to v4.2.3 allows remote attackers to inject an arbitrary script via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2021-20619
|
2024-11-21 14:46 |
2021-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
