| CVE | Severity | Base Score | CVSS Vector | Last Modified |
|---|---|---|---|---|
| CVE-2021-27673 | MEDIUM | 4.8 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 2022/05/23 22:42:00 |

Description: Cross Site Scripting (XSS) in the "admin_boxes.ajax.php" component of Tribal Systems Zenario CMS v8.8.52729 allows remote attackers to execute arbitrary code by injecting arbitrary HTML into the "cID" parameter when creating a new HTML component.
| CVE | Severity | Base Score | CVSS Vector | Last Modified |
|---|---|---|---|---|
| CVE-2021-24122 | MEDIUM | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N | 2022/05/23 22:41:00 |

Description: When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause was the unexpected behaviour of the JRE API File.getCanonicalPath(), which in turn was caused by the inconsistent behaviour of the Windows API (FindFirstFileW) in some circumstances.
| CVE | Severity | Base Score | CVSS Vector | Last Modified |
|---|---|---|---|---|
| CVE-2021-27291 | HIGH | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2022/05/23 22:35:00 |

Description: In pygments 1.1+, fixed in 2.7.4, the lexers used to parse programming languages rely heavily on regular expressions. Some of the regular expressions have exponential or cubic worst-case complexity and are vulnerable to ReDoS. By crafting malicious input, an attacker can cause a denial of service.
| CVE | Severity | Base Score | CVSS Vector | Last Modified |
|---|---|---|---|---|
| CVE-2021-27308 | MEDIUM | 4.8 | CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N | 2022/05/23 22:32:00 |

Description: A cross-site scripting (XSS) vulnerability in the admin login panel in 4images version 1.8 allows remote attackers to inject JavaScript via the "redirect" parameter.
| CVE | Severity | Base Score | CVSS Vector | Last Modified |
|---|---|---|---|---|
| CVE-2021-27358 | HIGH | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H | 2022/05/23 22:32:00 |

Description: The snapshot feature in Grafana 6.7.3 through 7.4.1 can allow an unauthenticated remote attacker to trigger a Denial of Service via a remote API call if a commonly used configuration is set.