CVE-2021-36169
A Hidden Functionality in Fortinet FortiOS 7.x before 7.0.1 and FortiOS 6.4.x before 6.4.7 allows an attacker to execute unauthorized code or commands via specific hex read/write operations...
CVE-2021-42549 reflected XSS in search functionality of WP Cloud Plugins - Lets-Box
Insufficient Input Validation in the search functionality of WordPress plugin Lets-Box prior to 1.15.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack...
CVE-2021-42548 reflected XSS in search functionality of WP Cloud Plugins - Share-one-Drive
Insufficient Input Validation in the search functionality of WordPress plugin Share-one-Drive prior to 1.15.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack...
CVE-2021-42547 reflected XSS in search functionality of WP Cloud Plugins - Out-of-the-Box
Insufficient Input Validation in the search functionality of WordPress plugin Out-of-the-Box prior to 1.20.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack...
CVE-2021-42546
The CVE-2021-42546 entry concerns WordPress plugin Use-Your-Drive (versions
CVE-2021-42546 Reflected XSS in search functionality of WP Cloud Plugins - Use-Your-Drive
Insufficient Input Validation in the search functionality of WordPress plugin Use-Your-Drive prior to 1.18.3 allows an unauthenticated user to craft a reflected Cross-Site Scripting attack...
Out of the Box < 1.20.3 - Reflected Cross-Site Scripting
Insufficient Input Validation in the search functionality of the plugin allows attackers to perform a reflected Cross-Site Scripting attack...
Share One Drive < 1.15.3 - Reflected Cross-Site Scripting
Insufficient Input Validation in the search functionality of the plugin allows attackers to perform a reflected Cross-Site Scripting attack...
Cross-site Scripting (XSS) - Reflected in yeswiki/yeswiki
Description Hey all, I found that the search function of YesWiki integrates the searched term into a value attribute inside an input tag. For example, if I do a search on sneaky, it will put the term sneaky inside a value attribute: html now if I add a double quote to the searched term...
Over a Dozen Malicious NPM Packages Caught Hijacking Discord Servers
At least 17 malware-laced packages have been discovered on the NPM package Registry, adding to a recent barrage of malicious software hosted and delivered through open-source software repositories such as PyPi and RubyGems. DevOps firm JFrog said the libraries, now taken down, were designed to gr...
CVE-2021-21957
A privilege escalation vulnerability exists in the Remote Server functionality of Dream Report ODS Remote Connector 20.2.16900.0. A specially-crafted command injection can lead to elevated capabilities. An attacker can provide a malicious file to trigger this vulnerability...
CVE-2021-23861
By executing a special command, a user with administrative rights can get access to extended debug functionality on the VRM, allowing an impact on integrity or availability of the installed software. This issue also affects installations of the DIVAR IP and BVMS with VRM installed...
depositToken != rewardToken
Handle pauliax Vulnerability details Impact The function createStream should validate that depositToken != rewardToken; otherwise, some functionality may not work as intended, e.g. in function recoverTokens it will become impossible to reach the second 'if' statement. Recommended Mitigation Steps...
Cross-site Scripting (XSS) - Stored in elgg/elgg
Analysis Hello guys, how are you doing? Hope you're having an awesome day 🤗 Elgg has a functionality for any authenticated user to report pages to the administrators whenever they think that there's something wrong going on with this page. This functionality has an issue, because in order to create a...
Ubuntu 20.04 LTS : Linux kernel (OEM) vulnerabilities (USN-5165-1)
The remote Ubuntu 20.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5165-1 advisory. It was discovered that the NFC subsystem in the Linux kernel contained a use-after-free vulnerability in its NFC Controller Interface NCI implementation....
CVE-2021-43319
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality...
Command injection
Zoho ManageEngine Network Configuration Manager before 125488 is vulnerable to command injection due to improper validation in the Ping functionality...
Cross site scripting
Persistent Cross-Site Scripting in Web Applications operating on Business-DNA Solutions GmbH's TopEase® Platform Version <= 7.1.27 via the Search Functionality allows authenticated users with Object Modification privileges to inject arbitrary HTML and JavaScript in object attributes, which is...
CVE-2021-42119
CVE-2021-42119 describes a persistent cross-site scripting vulnerability in Business-DNA Solutions GmbH TopEase platform (version ≤ 7.1.27) exposed through the Search Functionality. The issue arises when authenticated users with Object Modification privileges can inject arbitrary HTML/JavaScript ...