CVE-2021-37705
Read via "National Vulnerability Database".
OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0, an incomplete authorization check allows an authenticated user from any Azure Active Directory tenant to make authorized API calls to a vulnerable OneFuzz instance. To be vulnerable, a OneFuzz deployment must be both version 2.12.0 or greater and deployed with the non-default --multi_tenant_domain option. This can result in read/write access to private data such as software vulnerability and crash information, security testing tools, and proprietary code and symbols. Via authorized API calls, it also enables tampering with existing data and unauthorized code execution on Azure compute resources. The issue is resolved starting in release 2.31.0 by adding an application-level check of the bearer token's `issuer` claim against an administrator-configured allowlist. As a workaround, users of a OneFuzz instance < 2.31.0 can restrict access to the tenant of the deployed instance by redeploying in the default configuration, which omits the `--multi_tenant_domain` option.
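The fix described above is an application-level issuer allowlist. The block below is an added illustration of that check, not OneFuzz's own code, written in PHP for this page. It assumes the token's signature has already been verified against the identity provider's keys (a multi-tenant app registration accepts validly signed tokens from any tenant, which is exactly why the issuer still has to be checked); the tenant IDs, audience and tokens are constructed for the example.

```php
<?php
// Added example, not OneFuzz's own code: an application-level issuer
// allowlist check of the kind the 2.31.0 fix describes. It assumes the
// token's signature has ALREADY been verified against the identity
// provider's signing keys; this step only decides whether the tenant that
// issued a validly signed token is one this deployment trusts.
// Tenant IDs, audience and tokens below are constructed for the example.

function base64url_decode(string $s): string {
    $s = strtr($s, '-_', '+/');
    $pad = strlen($s) % 4;
    if ($pad !== 0) {
        $s .= str_repeat('=', 4 - $pad);
    }
    $out = base64_decode($s, true);
    return $out === false ? '' : $out;
}

// Returns the payload claims of a compact JWS, or null if it is not one.
function jwt_claims(string $jwt): ?array {
    $parts = explode('.', $jwt);
    if (count($parts) !== 3) {
        return null;
    }
    $claims = json_decode(base64url_decode($parts[1]), true);
    return is_array($claims) ? $claims : null;
}

// Azure AD issuer URLs embed the tenant ID:
//   v2.0 tokens: https://login.microsoftonline.com/{tenant-id}/v2.0
//   v1.0 tokens: https://sts.windows.net/{tenant-id}/
// Accept only those shapes, require the `tid` claim to name the same tenant,
// and require that tenant to be on the administrator-configured allowlist.
function issuer_allowed(?array $claims, array $allowed_tenants): bool {
    if ($claims === null) {
        return false;
    }
    $iss = (string)($claims['iss'] ?? '');
    $tid = (string)($claims['tid'] ?? '');
    $re = '~^https://(?:login\.microsoftonline\.com/([0-9a-f-]{36})/v2\.0|sts\.windows\.net/([0-9a-f-]{36})/)$~';
    if (!preg_match($re, $iss, $m)) {
        return false;                                   // unknown issuer shape: reject
    }
    $issuer_tenant = $m[1] !== '' ? $m[1] : ($m[2] ?? '');
    return $issuer_tenant !== ''
        && $issuer_tenant === $tid
        && in_array($issuer_tenant, $allowed_tenants, true);
}

// --- demo with constructed, unsigned tokens (signature part is a placeholder) ---
$b64url = fn(string $raw) => rtrim(strtr(base64_encode($raw), '+/', '-_'), '=');
$token_for = function (string $tid) use ($b64url): string {
    $header  = $b64url('{"alg":"RS256","typ":"JWT"}');
    $payload = $b64url(json_encode([
        'iss' => "https://login.microsoftonline.com/$tid/v2.0",
        'tid' => $tid,
        'aud' => 'api://onefuzz-example',             // assumed audience
        'sub' => 'user-1',
    ]));
    return "$header.$payload.placeholder-signature";
};

$allowed = ['11111111-1111-1111-1111-111111111111'];  // this deployment's tenant (made up)
$same_tenant  = $token_for('11111111-1111-1111-1111-111111111111');
$other_tenant = $token_for('22222222-2222-2222-2222-222222222222');

var_dump(issuer_allowed(jwt_claims($same_tenant), $allowed));
var_dump(issuer_allowed(jwt_claims($other_tenant), $allowed));
```

The second token is rejected even though, in a real deployment, it would carry a perfectly valid Azure AD signature: the allowlist, not the signature, is what keeps a stranger's tenant out. Checking `tid` against the tenant embedded in `iss` guards against a token whose claims disagree with each other, and rejecting unknown issuer shapes outright is safer than trying to parse whatever arrives.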
CVE-2021-38709
In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via the staff_messaging messaging system, leading to XSS.
CVE-2021-26086
Affected versions of Atlassian Jira Server and Data Center allow remote attackers to read particular files via a path traversal vulnerability in the /WEB-INF/web.xml endpoint. The affected versions are before 8.5.14, from 8.6.0 before 8.13.6, and from 8.14.0 before 8.16.1.
CVE-2021-38711
In gitit before 0.15.0.0, the Export feature can be exploited to leak information from files.
CVE-2021-38713
imgURL 2.31 allows XSS via an X-Forwarded-For HTTP header.๐ Read
via "National Vulnerability Database".
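Any client can set X-Forwarded-For, so an application that shows "visitor IP" by echoing that header hands the viewer (typically an administrator looking at a log or stats page) a script the visitor wrote. The block below is an added example, not imgURL's code: the reflecting pattern beside a hardened version that only trusts the header behind a known proxy, validates it as an IP address, and escapes it for HTML regardless. The proxy address and request arrays are constructed.

```php
<?php
// Added example, not imgURL's code: the reflection bug class behind this
// entry and one way to close it. Request arrays below are constructed.

// VULNERABLE: an arbitrary request header is reflected into the page.
function ip_cell_unsafe(array $server): string {
    $ip = $server['HTTP_X_FORWARDED_FOR'] ?? $server['REMOTE_ADDR'];
    return '<td>' . $ip . '</td>';
}

// HARDENED: honour X-Forwarded-For only when the TCP peer is a proxy we run,
// take the address that proxy appended (the rightmost one; anything to its
// left was supplied by the client), require it to parse as an IP address, and
// escape for the HTML context regardless.
function client_ip(array $server, array $trusted_proxies): string {
    $peer = $server['REMOTE_ADDR'] ?? '';
    $candidate = $peer;
    if (in_array($peer, $trusted_proxies, true) && isset($server['HTTP_X_FORWARDED_FOR'])) {
        $hops = array_map('trim', explode(',', $server['HTTP_X_FORWARDED_FOR']));
        $candidate = end($hops);
    }
    return filter_var($candidate, FILTER_VALIDATE_IP) !== false ? $candidate : 'invalid';
}

function ip_cell(string $ip): string {
    return '<td>' . htmlspecialchars($ip, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</td>';
}

$trusted = ['10.0.0.5'];                       // assumed reverse-proxy address
$direct_attack = [                             // client talks to us directly
    'REMOTE_ADDR'          => '203.0.113.7',
    'HTTP_X_FORWARDED_FOR' => '<script>alert(document.domain)</script>',
];
$via_proxy = [                                 // proxy appended the real peer
    'REMOTE_ADDR'          => '10.0.0.5',
    'HTTP_X_FORWARDED_FOR' => '<img src=x onerror=alert(1)>, 198.51.100.9',
];

echo ip_cell_unsafe($direct_attack), "\n";     // the script tag lands in the page as-is
echo ip_cell(client_ip($direct_attack, $trusted)), "\n";
echo ip_cell(client_ip($via_proxy, $trusted)), "\n";
```

Two independent controls are at work: validation (`FILTER_VALIDATE_IP`) means a payload never becomes the "IP" at all, and output escaping means that even a logic slip upstream cannot turn the cell into markup. Trusting the header only from a known proxy is what makes the stored value meaningful rather than merely harmless.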
CVE-2021-38712
OneNav 0.9.12 allows information disclosure of the onenav.db3 contents. NOTE: the vendor's recommended solution is to block access via an NGINX configuration file.
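One way to apply the vendor's NGINX-side mitigation, as an added example rather than OneNav's own configuration; the hostname, install path and PHP-FPM socket are assumed:

```nginx
server {
    listen 80;
    server_name nav.example.com;          # assumed hostname
    root /var/www/onenav;                 # assumed install path

    # Refuse any request whose path ends in the SQLite database, regardless of
    # case, query string or leading directories. `deny all` answers 403; use
    # `return 404;` instead if you prefer not to confirm the file exists.
    location ~* \.db3$ {
        deny all;
    }

    # Normal PHP handling is unaffected: the regex location above only
    # matches *.db3 paths.
    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_pass unix:/run/php/php-fpm.sock;   # assumed socket
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
}
```

Run `nginx -t` before reloading, then confirm with `curl -I http://nav.example.com/data/onenav.db3` that the answer is 403 (or 404). Blocking at the web server is a stopgap: it covers this vhost only, and a copy of the file under another name (a `.db3.bak` left by a backup script, for instance) would not match the pattern. The durable fix is keeping the database outside the document root.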
CVE-2021-38708
In ocProducts Composr CMS before 10.0.38, an attacker can inject JavaScript via Comcode, leading to XSS.
CVE-2021-24538
The Current Book WordPress plugin through 1.0.1 does not sanitise user input when an authenticated user adds an Author or Book Title, and does not escape these values when outputting them to the browser, leading to an authenticated Stored Cross-Site Scripting issue.
CVE-2021-24527
The User Registration & User Profile – Profile Builder WordPress plugin before 3.4.9 has a bug allowing any user to reset the password of the blog's admin and gain unauthorised access, due to a bypass in the way the reset key is checked. Furthermore, the admin is not notified of the change, for example by email.
CVE-2021-24445
The My Site Audit WordPress plugin through 1.2.4 does not sanitise or escape the Audit Name field when creating an audit, allowing high privilege users to set JavaScript payloads in it even when the unfiltered_html capability is disallowed, leading to an authenticated Stored Cross-Site Scripting issue.
CVE-2021-24540
The Wonder Video Embed WordPress plugin before 1.8 does not escape parameters of its wonderplugin_video shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.
CVE-2021-24536
The Custom Login Redirect WordPress plugin through 1.0.0 does not have a CSRF check in place when saving its settings, and does not sanitise or escape user input before outputting it back in the page, leading to a Stored Cross-Site Scripting issue.
CVE-2021-24519
The VikRentCar Car Rental Management System WordPress plugin before 1.1.10 does not sanitise the 'Text Next to Icon' field when adding or editing a Characteristic, allowing high privilege users such as admin to place an XSS payload in it, leading to an authenticated Stored Cross-Site Scripting issue.
CVE-2021-24471
The YouTube Embed WordPress plugin before 5.2.2 does not validate, escape or sanitise some of its shortcode attributes, leading to Stored XSS issues: 1. via the w, h, controls, cc_lang, color, language, start, stop, or style parameter of the youtube shortcode; 2. via the style, class, rel, target, width, height, or alt parameter of the youtube_thumb shortcode; or 3. by embedding a video whose title or description contains an XSS payload (if an API key is configured).
CVE-2021-24512
The Video Posts Webcam Recorder WordPress plugin before 3.2.4 has an authenticated reflected cross-site scripting (XSS) vulnerability in one of the administrative functions for handling deletion of videos.
CVE-2021-24466
The Verse-O-Matic WordPress plugin through 4.1.1 does not have any CSRF checks in place, allowing attackers to make logged-in administrators perform unwanted actions, such as adding, editing or deleting arbitrary verses and changing the settings. Due to the lack of sanitisation in the settings and verses, this could also lead to Stored Cross-Site Scripting issues.
CVE-2021-24410
The తెలుగు బైబిల్ వచనములు (Telugu Bible Verses) WordPress plugin through 1.0 lacks any CSRF check when saving its settings and verses, and does not sanitise or escape them when outputting them back in the page. This could allow attackers to make a logged-in admin change the settings, as well as add malicious verses containing JavaScript code, leading to Stored XSS issues.
CVE-2021-24541
The Wonder PDF Embed WordPress plugin before 1.7 does not escape parameters of its wonderplugin_pdf shortcode, which could allow users with a role as low as Contributor to perform Stored XSS attacks.
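The three shortcode entries above (CVE-2021-24540, CVE-2021-24541 and the youtube/youtube_thumb attributes in CVE-2021-24471) share one root cause: shortcode attributes are dropped into markup unescaped. That matters at Contributor level because WordPress lets Contributors write shortcodes while denying them `unfiltered_html`; kses strips their raw `<script>` tags, but it cannot see what a shortcode handler will later build from its attributes. The block below is an added example, not any of those plugins' code. It assumes a WordPress runtime (`add_shortcode`, `shortcode_atts`, `esc_url_raw`, `esc_url`, `absint`); the shortcode name, attribute names and host allowlist are made up.

```php
<?php
// Added example, not the Wonder or YouTube Embed plugins' code. Assumes a
// WordPress runtime; shortcode name, attributes and host list are made up.

// VULNERABLE: attributes go straight into markup. A Contributor can publish
//   [example_video src="x" width="1" style="x" onload="alert(1)"]
// or simply close the attribute:  width='1" onmouseover="alert(1)'
function vuln_video_shortcode($atts) {
    return '<iframe src="' . $atts['src'] . '" width="' . $atts['width']
         . '" style="' . $atts['style'] . '"></iframe>';
}

// HARDENED: fixed set of attributes with defaults, numeric coercion and
// clamping for sizes, URL validation against a host allowlist, and escaping
// for the attribute context. Free-form style/class attributes are simply not
// offered, because no escaping makes arbitrary CSS or class names safe.
function safe_video_shortcode($atts) {
    $a = shortcode_atts([
        'src'    => '',
        'width'  => 640,
        'height' => 360,
    ], $atts, 'example_video');

    $src  = esc_url_raw($a['src'], ['https']);          // '' unless a well-formed https URL
    $host = parse_url($src, PHP_URL_HOST);
    $allowed_hosts = ['www.youtube.com', 'youtube.com', 'player.vimeo.com'];  // assumed
    if ($src === '' || !in_array($host, $allowed_hosts, true)) {
        return '';                                      // refuse rather than render junk
    }
    $w = min(max(absint($a['width']), 100), 1920);
    $h = min(max(absint($a['height']), 100), 1080);

    return sprintf(
        '<iframe src="%s" width="%d" height="%d" allowfullscreen></iframe>',
        esc_url($src), $w, $h
    );
}
add_shortcode('example_video', 'safe_video_shortcode');
```

The design point is that each attribute gets the narrowest type that does the job: a size is an integer in a range, a source is an `https` URL on a known host, and anything that cannot be typed that tightly (inline style, class, target) is left out of the shortcode rather than "escaped". The YouTube Embed entry's third vector, a video title or description fetched from the API, is the same rule applied to data from a remote service: it is untrusted input and needs `esc_html()`/`esc_attr()` at the point of output just as a shortcode attribute does.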
CVE-2021-24534
The PhoneTrack Meu Site Manager WordPress plugin through 0.1 does not sanitise or escape its "php_id" setting before outputting it back in an attribute in the page, leading to a stored Cross-Site Scripting issue.
CVE-2021-24411
The Social Tape WordPress plugin through 1.0 does not have CSRF checks in place when saving its settings, and does not sanitise or escape them before outputting them back in the page, leading to a stored Cross-Site Scripting issue via a CSRF attack.
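The settings-page entries above (CVE-2021-24536, CVE-2021-24466, CVE-2021-24410, CVE-2021-24534 and CVE-2021-24411) describe one pattern: a save handler with no CSRF token, and a value stored raw and echoed raw. The same missing output escaping is behind the "high privilege user even when unfiltered_html is disallowed" entries (CVE-2021-24538, CVE-2021-24445, CVE-2021-24519), because `update_option()` applies none of the kses filtering that protects post content. The block below is an added example, not code from any plugin listed here. It assumes a WordPress runtime (`check_admin_referer`, `wp_nonce_field`, `sanitize_text_field`, `esc_attr`, `get_option`/`update_option`); the option name, field name and nonce action are made up.

```php
<?php
// Added example, not code from any plugin listed above. Assumes a WordPress
// runtime; option name, field name and nonce action are made up.

// VULNERABLE: any POST to the admin page saves the value. A third-party page
// that auto-submits a form to wp-admin while the admin is logged in (CSRF)
// stores the payload; the raw value is echoed into an attribute, so the
// admin's next visit to the settings page runs it.
function vuln_save_settings() {
    if (isset($_POST['example_tagline'])) {
        update_option('example_tagline', $_POST['example_tagline']);
    }
}
function vuln_render_settings() {
    echo '<input name="example_tagline" value="' . get_option('example_tagline') . '">';
    // a stored value of   x" onmouseover="alert(1)   breaks out of the attribute
}

// HARDENED: CSRF token bound to this action, capability check, sanitisation
// on the way in, escaping for the exact output context on the way out.
function safe_save_settings() {
    if (!isset($_POST['example_tagline'])) {
        return;
    }
    if (!current_user_can('manage_options')) {
        wp_die('insufficient privileges');
    }
    // Dies unless the request carries a valid nonce for this action, which a
    // cross-site form cannot obtain.
    check_admin_referer('example_save_settings', 'example_nonce');

    // update_option() does not run kses, so "unfiltered_html is disallowed"
    // gives no protection on this path; the plugin must sanitise itself.
    $value = sanitize_text_field(wp_unslash($_POST['example_tagline']));
    update_option('example_tagline', $value);
}
function safe_render_settings() {
    echo '<form method="post">';
    wp_nonce_field('example_save_settings', 'example_nonce');
    // esc_attr() is the control that actually prevents the XSS:
    // sanitize_text_field() strips tags but keeps quotes.
    echo '<input name="example_tagline" value="'
       . esc_attr(get_option('example_tagline', '')) . '">';
    echo '<button>Save</button></form>';
}
add_action('admin_init', 'safe_save_settings');
```

Sanitisation and escaping are not interchangeable: `sanitize_text_field()` decides what is allowed to be stored, `esc_attr()` decides how it is rendered inside a double-quoted attribute, and a value that passes the first can still break the second. The nonce is the CSRF control; the capability check is separate and still needed, since a nonce proves only that the request came from a page WordPress rendered for that user.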
CVE-2021-24363
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery WordPress plugin before 1.5.75 did not ensure that uploaded files are kept inside its uploads folder, allowing high privilege users to put images/SVG anywhere in the filesystem via a path traversal vector.
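The containment check this entry says was missing, as an added example in plain PHP that runs offline; it is not the Photo Gallery plugin's code, and the temporary directory layout is constructed for the demo. The destination file may not exist yet, so the function canonicalises the parent directory with `realpath()` (which also resolves symlinks) and then does a prefix comparison that cannot be fooled by a sibling directory whose name merely starts with the base path.

```php
<?php
// Added example, not the Photo Gallery plugin's code. Resolves the intended
// destination and refuses anything that escapes the uploads directory:
// "..", absolute paths, NUL bytes, and parents that are symlinks to outside.

function safe_upload_path(string $uploads_dir, string $relative): ?string {
    $base = realpath($uploads_dir);
    if ($base === false) {
        return null;                                  // base must exist
    }
    // Reject NUL bytes, empty names and absolute paths outright.
    if ($relative === '' || strpos($relative, "\0") !== false
        || $relative[0] === '/' || $relative[0] === '\\') {
        return null;
    }
    $target = $base . DIRECTORY_SEPARATOR . $relative;

    // The file itself may not exist yet, so canonicalise its parent directory.
    $parent = realpath(dirname($target));
    if ($parent === false) {
        return null;                                  // parent missing: create it deliberately, not via traversal
    }
    // Compare with a trailing separator so "/srv/uploads2" is not accepted
    // as being inside "/srv/uploads".
    if ($parent !== $base
        && strpos($parent . DIRECTORY_SEPARATOR, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    $name = basename($target);
    if ($name === '' || $name === '.' || $name === '..') {
        return null;
    }
    return $parent . DIRECTORY_SEPARATOR . $name;
}

// Demo on a temporary tree (constructed for this example, removed afterwards).
$tmp = sys_get_temp_dir() . '/uploads_demo_' . getmypid();
mkdir($tmp . '/gallery', 0700, true);

var_dump(safe_upload_path($tmp, 'gallery/photo.png'));
var_dump(safe_upload_path($tmp, '../../etc/passwd'));
var_dump(safe_upload_path($tmp, 'gallery/../../outside.svg'));
var_dump(safe_upload_path($tmp, '/etc/passwd'));

rmdir($tmp . '/gallery');
rmdir($tmp);
```

Only the first call yields a path; the three traversal attempts return null because their canonical parent lies outside the uploads directory or is absolute. Note what this check does not do: an SVG that lands legitimately inside the uploads folder can still carry script, so a gallery that accepts SVG also needs to sanitise it or serve it with a `Content-Disposition: attachment` header.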