Security Vulnerabilities - CVEs Published In July 2021
Multiple stored cross site scripting (XSS) vulnerabilities in the "Register" module of House Rental and Property Listing 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in all text fields except for Phone Number and Alternate Phone Number.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-23
Multiple stored cross site scripting (XSS) vulnerabilities in the "Update Profile" module of Online Doctor Appointment System 1.0 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payloads in the First Name, Last Name, and Address text fields.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-07-23
All versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.
CVSS Score
8.1
EPSS Score
0.039
Published
2021-07-23
A stored cross site scripting (XSS) vulnerability in the /sys/attachment/uploaderServlet component of Landray EKP V12.0.9.R.20160325 allows attackers to execute arbitrary web scripts or HTML via a crafted SVG, SHTML, or MHT file.
CVSS Score
5.4
EPSS Score
0.002
Published
2021-07-23
Arbitrary file upload vulnerability in Victor CMS v 1.0 allows attackers to execute arbitrary code via the file upload to \CMSsite-master\admin\includes\admin_add_post.php.
CVSS Score
9.8
EPSS Score
0.01
Published
2021-07-23
Cross-site scripting (XSS) vulnerability in SourceCodester E-Commerce Website v 1.0 allows remote attackers to inject arbitrary web script or HTM via the subject field to feedback_process.php.
CVSS Score
5.4
EPSS Score
0.001
Published
2021-07-23
Arbitrary file upload vulnerability in SourceCodester Responsive Ordering System v 1.0 allows attackers to execute arbitrary code via the file upload to Product_model.php.
CVSS Score
9.8
EPSS Score
0.01
Published
2021-07-23
Arbitrary file upload vulnerability in SourceCodester Travel Management System v 1.0 allows attackers to execute arbitrary code via the file upload to updatepackage.php.
CVSS Score
9.8
EPSS Score
0.01
Published
2021-07-23
SQL injection vulnerability in Learning Management System v 1.0 allows remote attackers to execute arbitrary SQL statements through the id parameter to obtain sensitive database information.
CVSS Score
7.5
EPSS Score
0.002
Published
2021-07-23
Arbitrary file upload vulnerability in SourceCodester E-Commerce Website v 1.0 allows attackers to execute arbitrary code via the file upload to prodViewUpdate.php.
CVSS Score
9.8
EPSS Score
0.01
Published
2021-07-23