Security Vulnerabilities - CVEs Published In May 2021
A Cross-Site Scripting (XSS) vulnerability exists in Dhcms 2017-09-18 in guestbook via the message board, which could let a remote malicious user execute arbitrary code.
CVSS Score: 6.1 | EPSS Score: 0.004 | Published: 2021-05-12
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/signup/update' via the 'surname' parameter.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-05-12
Knowage Suite 7.3 is vulnerable to Stored Cross-Site Scripting (XSS). An attacker can inject arbitrary web script in '/knowage/restful-services/documentnotes/saveNote' via the 'nota' parameter.
CVSS Score: 5.4 | EPSS Score: 0.002 | Published: 2021-05-12
Knowage Suite 7.3 is vulnerable to unauthenticated reflected cross-site scripting (XSS). An attacker can inject arbitrary web script in '/servlet/AdapterHTTP' via the 'targetService' parameter.
CVSS Score: 6.1 | EPSS Score: 0.03 | Published: 2021-05-12
Knowage Suite 7.3 is vulnerable to Stored Client-Side Template Injection in '/knowage/restful-services/signup/update' via the 'name' parameter.
CVSS Score: 5.4 | EPSS Score: 0.003 | Published: 2021-05-12
Speco Web Viewer through 2021-05-12 allows Directory Traversal via GET request for a URI with /.. at the beginning, as demonstrated by reading the /etc/passwd file.
CVSS Score: 7.5 | EPSS Score: 0.004 | Published: 2021-05-12
A NULL pointer dereference vulnerability exists in eXcall_api.c in Antisip eXosip2 through 5.2.0 when handling certain 3xx redirect responses.
CVSS Score: 7.5 | EPSS Score: 0.003 | Published: 2021-05-12
An Arbitrary File Upload vulnerability was discovered in the Golo Laravel theme v 1.1.5.
CVSS Score: 9.8 | EPSS Score: 0.004 | Published: 2021-05-12
A flaw was found in Samba. Spaces used in a string around a domain name (DN), while supposed to be ignored, can cause invalid DN strings with spaces to instead write a zero-byte into out-of-bounds memory, resulting in a crash. The highest threat from this vulnerability is to system availability.
CVSS Score: 7.5 | EPSS Score: 0.072 | Published: 2021-05-12
A flaw was found in Keycloak. Directories can be created prior to the Java process creating them in the temporary directory, but with wider user permissions, allowing the attacker to have access to the contents that Keycloak stores in this directory. The highest threat from this vulnerability is to data confidentiality and integrity.
CVSS Score: 7.3 | EPSS Score: 0.0 | Published: 2021-05-12

