Auto Generated cves.json [Thu Feb 16 05:59:29 UTC 2023] 🤖

patch-1
GitHub Action 2023-02-16 05:59:29 +00:00
parent 6485ba53a9
commit c9d7bf4500
1 changed files with 1 additions and 0 deletions

View File

@ -1101,6 +1101,7 @@
{"ID":"CVE-2021-3002","Info":{"Name":"Seo Panel 4.8.0 - Cross-Site Scripting","Severity":"medium","Description":"Seo Panel 4.8.0 contains a reflected cross-site scripting vulnerability via the seo/seopanel/login.php?sec=forgot email parameter.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-3002.yaml"}
{"ID":"CVE-2021-30049","Info":{"Name":"SysAid Technologies 20.3.64 b14 - Cross-Site Scripting","Severity":"medium","Description":"SysAid 20.3.64 b14 contains a cross-site scripting vulnerability via the /KeepAlive.jsp?stamp= URI.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-30049.yaml"}
{"ID":"CVE-2021-30128","Info":{"Name":"Apache OFBiz \u003c17.12.07 - Arbitrary Code Execution","Severity":"critical","Description":"Apache OFBiz has unsafe deserialization prior to 17.12.07 version","Classification":{"CVSSScore":"9.8"}},"file_path":"cves/2021/CVE-2021-30128.yaml"}
{"ID":"CVE-2021-30134","Info":{"Name":"php-mod/curl Library - Cross-Site Scripting","Severity":"medium","Description":"php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php.\n","Classification":{"CVSSScore":"N/A"}},"file_path":"cves/2021/CVE-2021-30134.yaml"}
{"ID":"CVE-2021-30151","Info":{"Name":"Sidekiq \u003c=6.2.0 - Cross-Site Scripting","Severity":"medium","Description":"Sidekiq through 5.1.3 and 6.x through 6.2.0 contains a cross-site scripting vulnerability via the queue name of the live-poll feature when Internet Explorer is used.","Classification":{"CVSSScore":"6.1"}},"file_path":"cves/2021/CVE-2021-30151.yaml"}
{"ID":"CVE-2021-3017","Info":{"Name":"Intelbras WIN 300/WRN 342 - Credentials Disclosure","Severity":"high","Description":"Intelbras WIN 300 and WRN 342 devices through 2021-01-04 allows remote attackers to discover credentials by reading the def_wirelesspassword line in the HTML source code.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-3017.yaml"}
{"ID":"CVE-2021-3019","Info":{"Name":"ffay lanproxy Directory Traversal","Severity":"high","Description":"ffay lanproxy 0.1 is susceptible to a directory traversal vulnerability that could let attackers read /../conf/config.properties to obtain credentials for a connection to the intranet.","Classification":{"CVSSScore":"7.5"}},"file_path":"cves/2021/CVE-2021-3019.yaml"}