Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2022-06-26 CVE-2020-27509 Cross-site Scripting vulnerability in Galaxkey
Persistent XSS in Galaxkey Secure Mail Client in Galaxkey up to 5.6.11.5 allows an attacker to perform an account takeover by intercepting the HTTP Post request when sending an email and injecting a specially crafted XSS payload in the 'subject' field.
network
galaxkey CWE-79
3.5
2022-06-24 CVE-2022-33121 Cross-Site Request Forgery (CSRF) vulnerability in 1234N Minicms 1.11
A Cross-Site Request Forgery (CSRF) in MiniCMS v1.11 allows attackers to arbitrarily delete local .dat files via clicking on a malicious link.
network
1234n CWE-352
5.8
2022-06-24 CVE-2022-33122 Cross-site Scripting vulnerability in Eyoucms 1.5.6
A stored cross-site scripting (XSS) vulnerability in eyoucms v1.5.6 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the URL field under the login page.
network
eyoucms CWE-79
3.5
2022-06-24 CVE-2021-20355 Exposure of Resource to Wrong Sphere vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag.
network
low complexity
ibm CWE-668
5.0
2022-06-24 CVE-2021-20421 Server-Side Request Forgery (SSRF) vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
4.0
2022-06-24 CVE-2021-20543 Injection vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to HTML injection.
network
ibm CWE-74
3.5
2022-06-24 CVE-2021-20544 Server-Side Request Forgery (SSRF) vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to server-side request forgery (SSRF).
network
low complexity
ibm CWE-918
4.0
2022-06-24 CVE-2021-20551 Exposure of Resource to Wrong Sphere vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 allows web pages to be stored locally which can be read by another user on the system.
local
low complexity
ibm CWE-668
2.1
2022-06-24 CVE-2021-29865 Improper Restriction of Rendered UI Layers or Frames vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 could allow a remote attacker to hijack the clicking action of the victim.
network
ibm CWE-1021
4.9
2022-06-24 CVE-2021-38871 Cross-site Scripting vulnerability in IBM Jazz Team Server
IBM Jazz Team Server 6.0.6, 6.0.6.1, 7.0, 7.0.1, and 7.0.2 is vulnerable to cross-site scripting.
network
ibm CWE-79
3.5