Search
Total
46623 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-14042 | 1 Codiad | 1 Codiad | 2021-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| ** PRODUCT NOT SUPPORTED WHEN ASSIGNED ** A Cross Site Scripting (XSS) vulnerability was found in Codiad v1.7.8 and later. The vulnerability occurs because of improper sanitization of the folder's name $path variable in components/filemanager/class.filemanager.php. NOTE: the vendor states "Codiad is no longer under active maintenance by core contributors." | |||||
| CVE-2020-15275 | 1 Moinmo | 1 Moinmoin | 2021-03-30 | 3.5 LOW | 5.4 MEDIUM |
| MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes. | |||||
| CVE-2020-6802 | 2 Fedoraproject, Mozilla | 2 Fedora, Bleach | 2021-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| In Mozilla Bleach before 3.11, a mutation XSS affects users calling bleach.clean with noscript and a raw tag in the allowed/whitelisted tags option. | |||||
| CVE-2021-25354 | 1 Samsung | 1 Internet | 2021-03-30 | 6.8 MEDIUM | 5.3 MEDIUM |
| Improper input check in Samsung Internet prior to version 13.2.1.46 allows attackers to launch non-exported activity in Samsung Browser via malicious deeplink. | |||||
| CVE-2021-25367 | 1 Samsung | 1 Notes | 2021-03-30 | 5.5 MEDIUM | 5.4 MEDIUM |
| Path Traversal vulnerability in Samsung Notes prior to version 4.2.00.22 allows attackers to access local files without permission. | |||||
| CVE-2021-29274 | 1 Redmine | 1 Redmine | 2021-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip. | |||||
| CVE-2021-22886 | 1 Rocket.chat | 1 Rocket.chat | 2021-03-30 | 4.3 MEDIUM | 6.1 MEDIUM |
| Rocket.Chat before 3.11, 3.10.5, 3.9.7, 3.8.8 is vulnerable to persistent cross-site scripting (XSS) using nested markdown tags allowing a remote attacker to inject arbitrary JavaScript in a message. This flaw leads to arbitrary file read and RCE on Rocket.Chat desktop app. | |||||
| CVE-2021-3467 | 2 Fedoraproject, Jasper Project | 2 Fedora, Jasper | 2021-03-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.26 handled component references in CDEF box in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. | |||||
| CVE-2021-23889 | 1 Mcafee | 1 Epolicy Orchestrator | 2021-03-30 | 3.5 LOW | 4.8 MEDIUM |
| Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. | |||||
| CVE-2020-26275 | 1 Jupyter | 1 Jupyter Server | 2021-03-30 | 5.8 MEDIUM | 6.1 MEDIUM |
| The Jupyter Server provides the backend (i.e. the core services, APIs, and REST endpoints) for Jupyter web applications like Jupyter notebook, JupyterLab, and Voila. In Jupyter Server before version 1.1.1, an open redirect vulnerability could cause the jupyter server to redirect the browser to a different malicious website. All jupyter servers running without a base_url prefix are technically affected, however, these maliciously crafted links can only be reasonably made for known jupyter server hosts. A link to your jupyter server may *appear* safe, but ultimately redirect to a spoofed server on the public internet. This same vulnerability was patched in upstream notebook v5.7.8. This is fixed in jupyter_server 1.1.1. If upgrade is not available, a workaround can be to run your server on a url prefix: "jupyter server --ServerApp.base_url=/jupyter/". | |||||
| CVE-2021-3443 | 3 Fedoraproject, Jasper Project, Redhat | 3 Fedora, Jasper, Enterprise Linux | 2021-03-30 | 4.3 MEDIUM | 5.5 MEDIUM |
| A NULL pointer dereference flaw was found in the way Jasper versions before 2.0.27 handled component references in the JP2 image format decoder. A specially crafted JP2 image file could cause an application using the Jasper library to crash when opened. | |||||
| CVE-2020-14059 | 1 Squid-cache | 1 Squid | 2021-03-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| An issue was discovered in Squid 5.x before 5.0.3. Due to an Incorrect Synchronization, a Denial of Service can occur when processing objects in an SMP cache because of an Ipc::Mem::PageStack::pop ABA problem during access to the memory page/slot management list. | |||||
| CVE-2021-1376 | 1 Cisco | 1 Ios Xe | 2021-03-30 | 7.2 HIGH | 6.7 MEDIUM |
| Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1375 | 1 Cisco | 1 Ios Xe | 2021-03-30 | 7.2 HIGH | 6.7 MEDIUM |
| Multiple vulnerabilities in the fast reload feature of Cisco IOS XE Software running on Cisco Catalyst 3850, Cisco Catalyst 9300, and Cisco Catalyst 9300L Series Switches could allow an authenticated, local attacker to either execute arbitrary code on the underlying operating system, install and boot a malicious software image, or execute unsigned binaries on an affected device. These vulnerabilities are due to improper checks performed by system boot routines. To exploit these vulnerabilities, the attacker would need privileged access to the CLI of the device. A successful exploit could allow the attacker to either execute arbitrary code on the underlying operating system or execute unsigned code and bypass the image verification check part of the secure boot process. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2020-17490 | 2 Debian, Saltstack | 2 Debian Linux, Salt | 2021-03-30 | 2.1 LOW | 5.5 MEDIUM |
| The TLS module within SaltStack Salt through 3002 creates certificates with weak file permissions. | |||||
| CVE-2020-23161 | 1 Pyres | 2 Termod4, Termod4 Firmware | 2021-03-30 | 4.0 MEDIUM | 6.5 MEDIUM |
| Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL. | |||||
| CVE-2021-1390 | 1 Cisco | 1 Ios Xe | 2021-03-30 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in one of the diagnostic test CLI commands of Cisco IOS XE Software could allow an authenticated, local attacker to execute arbitrary code on an affected device. To exploit this vulnerability, the attacker would need to have valid user credentials at privilege level 15. This vulnerability exists because the affected software permits modification of the run-time memory of an affected device under specific circumstances. An attacker could exploit this vulnerability by authenticating to the affected device and issuing a specific diagnostic test command at the CLI. A successful exploit could trigger a logic error in the code that was designed to restrict run-time memory modifications. The attacker could take advantage of this logic error to overwrite system memory locations and execute arbitrary code on the underlying Linux operating system (OS) of the affected device. | |||||
| CVE-2021-27208 | 1 Xilinx | 4 Zynq-7000, Zynq-7000 Firmware, Zynq-7000s and 1 more | 2021-03-30 | 4.6 MEDIUM | 6.8 MEDIUM |
| When booting a Zync-7000 SOC device from nand flash memory, the nand driver in the ROM does not validate the inputs when reading in any parameters in the nand’s parameter page. IF a field read in from the parameter page is too large, this causes a buffer overflow that could lead to arbitrary code execution. Physical access and modification of the board assembly on which the Zynq-7000 SoC device mounted is needed to replace the original NAND flash memory with a NAND flash emulation device for this attack to be successful. | |||||
| CVE-2021-1381 | 1 Cisco | 1 Ios Xe | 2021-03-30 | 3.6 LOW | 6.1 MEDIUM |
| A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with high privileges or an unauthenticated attacker with physical access to the device to open a debugging console. The vulnerability is due to insufficient command authorization restrictions. An attacker could exploit this vulnerability by running commands on the hardware platform to open a debugging console. A successful exploit could allow the attacker to access a debugging console. | |||||
| CVE-2021-1391 | 1 Cisco | 2 Ios, Ios Xe | 2021-03-30 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the dragonite debugger of Cisco IOS XE Software could allow an authenticated, local attacker to escalate from privilege level 15 to root privilege. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit this vulnerability by bypassing the consent token mechanism with the residual scripts on the affected device. A successful exploit could allow the attacker to escalate from privilege level 15 to root privilege. | |||||
| CVE-2021-1382 | 1 Cisco | 1 Ios Xe | 2021-03-29 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to inject arbitrary commands to be executed with root privileges on the underlying operating system. This vulnerability is due to insufficient input validation on certain CLI commands. An attacker could exploit this vulnerability by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to execute commands with root privileges. | |||||
| CVE-2021-1398 | 1 Cisco | 1 Ios Xe | 2021-03-29 | 6.9 MEDIUM | 6.8 MEDIUM |
| A vulnerability in the boot logic of Cisco IOS XE Software could allow an authenticated, local attacker with level 15 privileges or an unauthenticated attacker with physical access to execute arbitrary code on the underlying Linux operating system of an affected device. This vulnerability is due to incorrect validations of specific function arguments that are passed to the boot script. An attacker could exploit this vulnerability by tampering with a specific file, which an affected device would process during the initial boot process. On systems that are protected by the Unified Extensible Firmware Interface (UEFI) secure boot feature, a successful exploit could allow the attacker to execute unsigned code at boot time and bypass the image verification check in the secure boot process of the affected device. | |||||
| CVE-2020-27829 | 1 Imagemagick | 1 Imagemagick | 2021-03-29 | 4.3 MEDIUM | 5.5 MEDIUM |
| A heap based buffer overflow in coders/tiff.c may result in program crash and denial of service in ImageMagick before 7.0.10-45. | |||||
| CVE-2020-35856 | 1 Solarwinds | 1 Orion Platform | 2021-03-29 | 3.5 LOW | 4.8 MEDIUM |
| SolarWinds Orion Platform before 2020.2.5 allows stored XSS attacks by an administrator on the Customize View page. | |||||
| CVE-2021-1434 | 1 Cisco | 1 Ios Xe | 2021-03-29 | 6.6 MEDIUM | 6.0 MEDIUM |
| A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to overwrite arbitrary files in the underlying file system. This vulnerability is due to insufficient validation of the parameters of a specific CLI command. An attacker could exploit this vulnerability by issuing that command with specific parameters. A successful exploit could allow the attacker to overwrite the content of any arbitrary file that resides on the underlying host file system. | |||||
| CVE-2021-1436 | 1 Cisco | 1 Ios Xe | 2021-03-29 | 4.7 MEDIUM | 4.4 MEDIUM |
| A vulnerability in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to conduct path traversal attacks and obtain read access to sensitive files on an affected system. This vulnerability is due to insufficient validation of user-supplied input. An attacker could exploit this vulnerability by sending a crafted request to an affected system. A successful exploit could allow the attacker to view arbitrary files on the affected system. | |||||
| CVE-2021-1374 | 1 Cisco | 1 Ios Xe | 2021-03-29 | 3.5 LOW | 4.8 MEDIUM |
| A vulnerability in the web-based management interface of Cisco IOS XE Wireless Controller software for the Catalyst 9000 Family of switches could allow an authenticated, remote attacker to conduct a cross-site scripting (XSS) attack against another user of the web-based management interface of an affected device. The vulnerability is due to insufficient validation of user-supplied input by the web-based management interface of an affected device. An attacker could exploit this vulnerability by authenticating to the device as a high-privileged user, adding certain configurations with malicious code in one of its fields, and persuading another user to click on it. A successful exploit could allow the attacker to execute arbitrary script code in the context of the affected interface or to access sensitive, browser-based information. | |||||
| CVE-2021-1441 | 1 Oracle | 1 Cisco Ios Xe Software | 2021-03-29 | 7.2 HIGH | 6.7 MEDIUM |
| A vulnerability in the hardware initialization routines of Cisco IOS XE Software for Cisco 1100 Series Industrial Integrated Services Routers and Cisco ESR6300 Embedded Series Routers could allow an authenticated, local attacker to execute unsigned code at system boot time. This vulnerability is due to incorrect validations of parameters passed to a diagnostic script that is executed when the device boots up. An attacker could exploit this vulnerability by tampering with an executable file stored on a device. A successful exploit could allow the attacker to execute unsigned code at boot time and bypass the software image verification check part of the secure boot process of an affected device. To exploit this vulnerability, the attacker would need administrative level credentials (level 15) on the device. | |||||
| CVE-2020-8563 | 1 Kubernetes | 1 Kubernetes | 2021-03-29 | 2.1 LOW | 5.5 MEDIUM |
| In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3. | |||||
| CVE-2020-8564 | 1 Kubernetes | 1 Kubernetes | 2021-03-29 | 2.1 LOW | 5.5 MEDIUM |
| In Kubernetes clusters using a logging level of at least 4, processing a malformed docker config file will result in the contents of the docker config file being leaked, which can include pull secrets or other registry credentials. This affects < v1.19.3, < v1.18.10, < v1.17.13. | |||||
| CVE-2020-8566 | 1 Kubernetes | 1 Kubernetes | 2021-03-29 | 2.1 LOW | 5.5 MEDIUM |
| In Kubernetes clusters using Ceph RBD as a storage provisioner, with logging level of at least 4, Ceph RBD admin secrets can be written to logs. This occurs in kube-controller-manager's logs during provisioning of Ceph RBD persistent claims. This affects < v1.19.3, < v1.18.10, < v1.17.13. | |||||
| CVE-2021-25917 | 1 Open-emr | 1 Openemr | 2021-03-29 | 3.5 LOW | 4.8 MEDIUM |
| In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the U2F USB Device authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. | |||||
| CVE-2021-25918 | 1 Open-emr | 1 Openemr | 2021-03-29 | 3.5 LOW | 4.8 MEDIUM |
| In OpenEMR, versions 5.0.2 to 6.0.0 are vulnerable to Stored Cross-Site-Scripting (XSS) due to user input not being validated properly and rendered in the TOTP Authentication method page. A highly privileged attacker could inject arbitrary code into input fields when creating a new user. | |||||
| CVE-2021-3109 | 1 Solarwinds | 1 Orion Platform | 2021-03-29 | 4.9 MEDIUM | 4.8 MEDIUM |
| The custom menu item options page in SolarWinds Orion Platform before 2020.2.5 allows Reverse Tabnabbing in the context of an administrator account. | |||||
| CVE-2021-1453 | 1 Cisco | 1 Ios Xe | 2021-03-29 | 7.2 HIGH | 6.8 MEDIUM |
| A vulnerability in the software image verification functionality of Cisco IOS XE Software for the Cisco Catalyst 9000 Family of switches could allow an unauthenticated, physical attacker to execute unsigned code at system boot time. The vulnerability is due to an improper check in the code function that manages the verification of the digital signatures of system image files during the initial boot process. An attacker could exploit this vulnerability by loading unsigned software on an affected device. A successful exploit could allow the attacker to boot a malicious software image or execute unsigned code and bypass the image verification check part of the secure boot process of an affected device. To exploit this vulnerability, the attacker would need to have unauthenticated physical access to the device or obtain privileged access to the root shell on the device. | |||||
| CVE-2021-1454 | 1 Cisco | 2 Ios Xe, Ios Xe Sd-wan | 2021-03-29 | 7.2 HIGH | 6.7 MEDIUM |
| Multiple vulnerabilities in the CLI of Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system with root privileges. These vulnerabilities are due to insufficient input validation of certain CLI commands. An attacker could exploit these vulnerabilities by authenticating to the device and submitting crafted input to the CLI. The attacker must be authenticated as an administrative user to execute the affected commands. A successful exploit could allow the attacker to access the underlying operating system with root privileges. | |||||
| CVE-2021-1220 | 1 Cisco | 1 Ios Xe | 2021-03-29 | 3.5 LOW | 4.3 MEDIUM |
| Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection. | |||||
| CVE-2021-1281 | 1 Cisco | 1 Ios Xe | 2021-03-29 | 6.9 MEDIUM | 6.7 MEDIUM |
| A vulnerability in CLI management in Cisco IOS XE SD-WAN Software could allow an authenticated, local attacker to access the underlying operating system as the root user. This vulnerability is due to the way the software handles concurrent CLI sessions. An attacker could exploit this vulnerability by authenticating to the device as an administrative user and executing a sequence of commands. A successful exploit could allow the attacker to obtain access to the underlying operating system as the root user. | |||||
| CVE-2021-1418 | 1 Cisco | 1 Jabber | 2021-03-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1471 | 1 Cisco | 1 Jabber | 2021-03-29 | 6.8 MEDIUM | 5.6 MEDIUM |
| Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-1352 | 1 Cisco | 1 Ios Xe | 2021-03-29 | 2.9 LOW | 6.5 MEDIUM |
| A vulnerability in the DECnet Phase IV and DECnet/OSI protocol processing of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to insufficient input validation of DECnet traffic that is received by an affected device. An attacker could exploit this vulnerability by sending DECnet traffic to an affected device. A successful exploit could allow the attacker to cause the affected device to reload, resulting in a DoS condition. | |||||
| CVE-2021-1417 | 1 Cisco | 1 Jabber | 2021-03-29 | 4.0 MEDIUM | 6.5 MEDIUM |
| Multiple vulnerabilities in Cisco Jabber for Windows, Cisco Jabber for MacOS, and Cisco Jabber for mobile platforms could allow an attacker to execute arbitrary programs on the underlying operating system with elevated privileges, access sensitive information, intercept protected network traffic, or cause a denial of service (DoS) condition. For more information about these vulnerabilities, see the Details section of this advisory. | |||||
| CVE-2021-20285 | 1 Upx Project | 1 Upx | 2021-03-29 | 8.3 HIGH | 6.6 MEDIUM |
| A flaw was found in upx canPack in p_lx_elf.cpp in UPX 3.96. This flaw allows attackers to cause a denial of service (SEGV or buffer overflow and application crash) or possibly have unspecified other impacts via a crafted ELF. The highest threat from this vulnerability is to system availability. | |||||
| CVE-2021-28247 | 1 Ca | 1 Ehealth Performance Manager | 2021-03-29 | 3.5 LOW | 5.4 MEDIUM |
| ** UNSUPPORTED WHEN ASSIGNED ** CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). The impact is: An authenticated remote user is able to inject arbitrary web script or HTML due to incorrect sanitization of user-supplied data and perform a Reflected Cross-Site Scripting attack against the platform users. The affected endpoints are: cgi/nhWeb with the parameter report, aviewbin/filtermibobjects.pl with the parameter namefilter, and aviewbin/query.pl with the parameters System, SystemText, Group, and GroupText. NOTE: This vulnerability only affects products that are no longer supported by the maintainer. | |||||
| CVE-2021-1356 | 1 Cisco | 1 Ios Xe | 2021-03-29 | 3.5 LOW | 4.3 MEDIUM |
| Multiple vulnerabilities in the web UI of Cisco IOS XE Software could allow an authenticated, remote attacker with read-only privileges to cause the web UI software to become unresponsive and consume vty line instances, resulting in a denial of service (DoS) condition. These vulnerabilities are due to insufficient error handling in the web UI. An attacker could exploit these vulnerabilities by sending crafted HTTP packets to an affected device. A successful exploit could allow the attacker to cause the web UI software to become unresponsive and consume all available vty lines, preventing new session establishment and resulting in a DoS condition. Manual intervention would be required to regain web UI and vty session functionality. Note: These vulnerabilities do not affect the console connection. | |||||
| CVE-2021-20681 | 1 Basercms | 1 Basercms | 2021-03-29 | 3.5 LOW | 5.4 MEDIUM |
| Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2021-20683 | 1 Basercms | 1 Basercms | 2021-03-29 | 3.5 LOW | 5.4 MEDIUM |
| Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | |||||
| CVE-2017-7359 | 1 Lucidcrew | 1 Pixie | 2021-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pixie 1.0.4 allows an admin/index.php s=login&m= XSS attack. | |||||
| CVE-2017-7360 | 1 Lucidcrew | 1 Pixie | 2021-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pixie 1.0.4 allows an admin/index.php s=settings&x= XSS attack. | |||||
| CVE-2017-7361 | 1 Lucidcrew | 1 Pixie | 2021-03-29 | 4.3 MEDIUM | 6.1 MEDIUM |
| Pixie 1.0.4 allows an admin/index.php s=publish&m=static&x= XSS attack. | |||||