Security Vulnerabilities - CVEs Published In October 2021
JEECMS x1.1 contains a stored cross-site scripting (XSS) vulnerability in the component of /member-vipcenter.htm, which allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVSS Score: 5.4; EPSS Score: 0.002; Published: 2021-10-07
Zoho ManageEngine ADManager Plus before 7110 is vulnerable to blind XXE.
CVSS Score: 9.8; EPSS Score: 0.056; Published: 2021-10-07
ThinkPHP50-CMS v1.0 contains a remote code execution (RCE) vulnerability in the component /public/?s=captcha.
CVSS Score: 9.8; EPSS Score: 0.021; Published: 2021-10-07
An issue was discovered in Zammad before 4.1.1. An attacker with valid agent credentials may send a series of crafted requests that cause an endless loop and thus cause denial of service.
CVSS Score: 6.5; EPSS Score: 0.004; Published: 2021-10-07
An issue was discovered in Zammad before 4.1.1. There is stored XSS via a custom Avatar.
CVSS Score: 5.4; EPSS Score: 0.005; Published: 2021-10-07
An issue was discovered in Zammad before 4.1.1. An Agent account can modify account data, and gain admin access, via a crafted request.
CVSS Score: 8.8; EPSS Score: 0.005; Published: 2021-10-07
An issue was discovered in Zammad before 4.1.1. An admin can discover the application secret via the API.
CVSS Score: 4.9; EPSS Score: 0.003; Published: 2021-10-07
An issue was discovered in Zammad before 4.1.1. The Chat functionality allows XSS because clipboard data is mishandled.
CVSS Score: 6.1; EPSS Score: 0.005; Published: 2021-10-07
An issue was discovered in Zammad before 4.1.1. The REST API discloses sensitive information.
CVSS Score: 7.5; EPSS Score: 0.003; Published: 2021-10-07
An issue was discovered in Zammad before 4.1.1. The Form functionality allows remote code execution because deserialization is mishandled.
CVSS Score: 9.8; EPSS Score: 0.049; Published: 2021-10-07

