v.26.4.2314

Medium Severity Vulnerabilities

Found 8734 vulnerabilities at Medium severity.

Vulnerability Name

CVE

CWE

Severity

XWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3137)

CVE-2021-3137

CWE-707

Medium

Django Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-3281)

CVE-2021-3281

CWE-22

Medium

Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3298)

CVE-2021-3298

CWE-707

Medium

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3313)

CVE-2021-3313

CWE-707

Medium

GlassFish Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3314)

CVE-2021-3314

CWE-707

Medium

PostgreSQL Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2021-3393)

CVE-2021-3393

CWE-209

Medium

Python Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-3426)

CVE-2021-3426

CWE-200

Medium

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2021-3449)

CVE-2021-3449

CWE-476

Medium

Jboss EAP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3536)

CVE-2021-3536

CWE-707

Medium

EspoCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3539)

CVE-2021-3539

CWE-707

Medium

Undertow Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2021-3597)

CVE-2021-3597

CWE-362

Medium

Jboss EAP Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2021-3597)

CVE-2021-3597

CWE-362

Medium

Jboss EAP Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2021-3642)

CVE-2021-3642

-

Medium

PostgreSQL CVE-2021-3677 Vulnerability (CVE-2021-3677)

CVE-2021-3677

-

Medium

Python Uncontrolled Resource Consumption Vulnerability (CVE-2021-3733)

CVE-2021-3733

CWE-400

Medium

YOURLS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3783)

CVE-2021-3783

CWE-707

Medium

YOURLS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3785)

CVE-2021-3785

CWE-707

Medium

OpenVPN AS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-3824)

CVE-2021-3824

CWE-707

Medium

Elgg Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-3964)

CVE-2021-3964

CWE-639

Medium

Dolibarr Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-3991)

CVE-2021-3991

CWE-639

Medium

GibbonEdu Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-40214)

CVE-2021-40214

CWE-707

Medium

SharePoint CVE-2021-40486 Vulnerability (CVE-2021-40486)

CVE-2021-40486

-

Medium

GibbonEdu Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-40492)

CVE-2021-40492

CWE-707

Medium

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-40678)

CVE-2021-40678

CWE-707

Medium

Moodle CVE-2021-40691 Vulnerability (CVE-2021-40691)

CVE-2021-40691

-

Medium

Moodle Incorrect Authorization Vulnerability (CVE-2021-40692)

CVE-2021-40692

CWE-863

Medium

Moodle Improper Authentication Vulnerability (CVE-2021-40693)

CVE-2021-40693

CWE-287

Medium

Moodle Improper Encoding or Escaping of Output Vulnerability (CVE-2021-40694)

CVE-2021-40694

CWE-116

Medium

Moodle CVE-2021-40695 Vulnerability (CVE-2021-40695)

CVE-2021-40695

-

Medium

Piwigo Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-40882)

CVE-2021-40882

CWE-707

Medium

ProjectSend Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-40886)

CVE-2021-40886

CWE-22

Medium

ProjectSend Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-40888)

CVE-2021-40888

CWE-707

Medium

TYPO3 Improper Neutralization of HTTP Headers for Scripting Syntax Vulnerability (CVE-2021-41114)

CVE-2021-41114

CWE-644

Medium

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41164)

CVE-2021-41164

CWE-707

Medium

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41164)

CVE-2021-41164

CWE-707

Medium

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41165)

CVE-2021-41165

CWE-707

Medium

CKEditor Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41165)

CVE-2021-41165

CWE-707

Medium

Grafana Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41174)

CVE-2021-41174

CWE-707

Medium

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)

CVE-2021-41182

CWE-707

Medium

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)

CVE-2021-41182

CWE-707

Medium

WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)

CVE-2021-41182

CWE-707

Medium

jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)

CVE-2021-41182

CWE-707

Medium

jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41182)

CVE-2021-41182

CWE-707

Medium

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)

CVE-2021-41183

CWE-707

Medium

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)

CVE-2021-41183

CWE-707

Medium

WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)

CVE-2021-41183

CWE-707

Medium

jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)

CVE-2021-41183

CWE-707

Medium

jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41183)

CVE-2021-41183

CWE-707

Medium

WebLogic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)

CVE-2021-41184

CWE-707

Medium

jQuery UI Autocomplete Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)

CVE-2021-41184

CWE-707

Medium

jQuery UI Dialog Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)

CVE-2021-41184

CWE-707

Medium

jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)

CVE-2021-41184

CWE-707

Medium

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41184)

CVE-2021-41184

CWE-707

Medium

Atlassian Jira Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41304)

CVE-2021-41304

CWE-707

Medium

Atlassian Jira Improper Authentication Vulnerability (CVE-2021-41308)

CVE-2021-41308

CWE-287

Medium

silverstripeCMS Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion') Vulnerability (CVE-2021-41559)

CVE-2021-41559

CWE-776

Medium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41798)

CVE-2021-41798

CWE-707

Medium

MediaWiki Allocation of Resources Without Limits or Throttling Vulnerability (CVE-2021-41800)

CVE-2021-41800

CWE-770

Medium

Artifactory Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2021-41834)

CVE-2021-41834

CWE-732

Medium

MyBB Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-41866)

CVE-2021-41866

CWE-707

Medium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42041)

CVE-2021-42041

CWE-707

Medium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42042)

CVE-2021-42042

CWE-707

Medium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42043)

CVE-2021-42043

CWE-707

Medium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42044)

CVE-2021-42044

CWE-707

Medium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42045)

CVE-2021-42045

CWE-707

Medium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42046)

CVE-2021-42046

CWE-707

Medium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42047)

CVE-2021-42047

CWE-707

Medium

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42048)

CVE-2021-42048

CWE-707

Medium

MediaWiki CVE-2021-42049 Vulnerability (CVE-2021-42049)

CVE-2021-42049

-

Medium

AbanteCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42050)

CVE-2021-42050

CWE-707

Medium

AbanteCart Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42051)

CVE-2021-42051

CWE-707

Medium

Mailman Improper Restriction of Excessive Authentication Attempts Vulnerability (CVE-2021-42096)

CVE-2021-42096

CWE-307

Medium

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42112)

CVE-2021-42112

CWE-707

Medium

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-42220)

CVE-2021-42220

CWE-707

Medium

SharePoint CVE-2021-42294 Vulnerability (CVE-2021-42294)

CVE-2021-42294

-

Medium