Security Vulnerabilities - CVEs Published In October 2021
DedeCMS v7.5 SP2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component tpl.php via the `filename`, `mid`, `userid`, and `templet` parameters.
CVSS Score
6.1
EPSS Score
0.002
Published
2021-10-22
Macrob7 Macs Framework Content Management System - 1.14f was discovered to contain a cross-site scripting (XSS) vulnerability in the search input field of the search module.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-10-22
SeedDMS Content Management System v6.0.7 contains a persistent cross-site scripting (XSS) vulnerability in the component AddEvent.php via the name and comment parameters.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-10-22
Fork CMS Content Management System v5.8.0 was discovered to contain a cross-site scripting (XSS) vulnerability in the `Displayname` field when using the `Add`, `Edit` or `Register` functions. This vulnerability allows attackers to execute arbitrary web scripts or HTML.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-10-22
TAO Open Source Assessment Platform v3.3.0 RC02 was discovered to contain an HTML injection vulnerability in the userFirstName parameter of the user account input field. This vulnerability allows attackers to execute phishing attacks, external redirects, and arbitrary code.
CVSS Score
8.0
EPSS Score
0.004
Published
2021-10-22
Phpgurukul User Registration & User Management System v2.0 was discovered to contain multiple stored cross-site scripting (XSS) vulnerabilities via the firstname and lastname parameters of the registration form & loginsystem input fields.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-10-22
Catalyst IT Ltd Mahara CMS v19.10.2 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the component groupfiles.php via the Number (Nombre) and Description (Descripción) parameters.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-10-22
A cross-site scripting (XSS) vulnerability in NSK User Agent String Switcher Service v0.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the user agent input field.
CVSS Score
6.1
EPSS Score
0.003
Published
2021-10-22
ANCOM WLAN Controller (Wireless Series & Hotspot) WLC-1000 & WLC-4006 was discovered to contain multiple cross-site scripting (XSS) vulnerabilities in the /authen/start/ module via the userid and password parameters.
CVSS Score
5.4
EPSS Score
0.003
Published
2021-10-22
An issue in the authentication mechanism of Nong Ge File Explorer v1.4 allows unauthenticated attackers to access sensitive data.
CVSS Score
4.6
EPSS Score
0.001
Published
2021-10-22