2 matches found
CVE-2021-44228
CVE-2021-44228 (Log4Shell) affects Apache Log4j2 2.0-beta9 through 2.15.0 (excluding some security releases) and is specific to log4j-core. The vulnerability arises from JNDI features used in configuration, log messages, and parameters, which can be exploited when an attacker can control log mess...
CVE-2019-16024
Cisco Crosswork Change Automation web-based management interface is vulnerable to cross-site scripting (XSS) due to insufficient input validation. An unauthenticated, remote attacker could entice a user to click a crafted link, potentially executing arbitrary script in the user’s browser or acces...