Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
CrocoblockJetengine

2 matches found

CVE
CVEadded 2021/08/16 12:15 p.m.46 views

CVE-2021-38607

CVE-2021-38607 affects Crocoblock JetEngine prior to 2.6.1, where XSS is possible via a custom form input by remote authenticated users. The issue stems from an input handling flaw in the plugin component responsible for form data, enabling reflected or stored XSS depending on how the input is pr...

5.4CVSS5AI score0.00605EPSS
CVE
CVEadded 2021/12/15 5:52 a.m.45 views

CVE-2021-41844

CVE-2021-41844 affects Crocoblock JetEngine (pre-2.9.1). The root cause is improper validation and sanitization of form data, enabling unauthenticated or low-privilege abuse via network access as described by the CVE records. NVD lists high/critical impact metrics (C/P/I/A partial to high) with n...

9.8CVSS9.4AI score0.01052EPSS