Security Vulnerabilities - CVEs Published In October 2021
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?&m=Public&a=login.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-10-05
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php/Link/addsave.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-10-05
waimai Super Cms 20150505 contains a cross-site scripting (XSS) vulnerability in the component /admin.php?m=Config&a=add.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-10-05
User controlled parameters related to SMTP notifications are not correctly validated. This can lead to a buffer overflow resulting in crashes and data leakage.
CVSS Score
6.8
EPSS Score
0.006
Published
2021-10-05
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to bypass blocked network recipients.
CVSS Score
7.5
EPSS Score
0.001
Published
2021-10-05
A user controlled parameter related to SMTP test functionality is not correctly validated making it possible to add the Carriage Return and Line Feed (CRLF) control characters and include arbitrary SMTP headers in the generated test email.
CVSS Score
8.8
EPSS Score
0.01
Published
2021-10-05
A Cross-Site Scripting (XSS) attack can cause arbitrary code (JavaScript) to run in a user’s browser while the browser is connected to a trusted website. The attack targets your application's users and not the application itself while using your application as the attack's vehicle. The XSS payload executes whenever the user changes the form values or deletes a created form in Zoho CRM Lead Magnet Version 1.7.2.4.
CVSS Score
5.4
EPSS Score
0.022
Published
2021-10-05
DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions >= > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-94jg-2p6q-5364
CVSS Score
6.5
EPSS Score
0.004
Published
2021-10-05
BT: Possible to overwrite an existing bond during keys distribution phase when the identity address of the bond is known. Zephyr versions >= 1.14.2, >= 2.4.0, >= 2.5.0 contain Use of Multiple Resources with Duplicate Identifier (CWE-694). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-j76f-35mc-4h63
CVSS Score
4.3
EPSS Score
0.003
Published
2021-10-05
Zephyr JSON decoder incorrectly decodes array of array. Zephyr versions >= >1.14.0, >= >2.5.0 contain Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see https://github.com/zephyrproject-rtos/zephyr/security/advisories/GHSA-289f-7mw3-2qf4
CVSS Score
7.5
EPSS Score
0.003
Published
2021-10-05