Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2024-11-15 | CVE-2021-3741 | Cross-site Scripting vulnerability in Chatwoot | A stored cross-site scripting (XSS) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.6. | network | low complexity | chatwoot | CWE-79 | 5.4 |
| 2024-11-15 | CVE-2021-3742 | Server-Side Request Forgery (SSRF) vulnerability in Chatwoot | A Server-Side Request Forgery (SSRF) vulnerability was discovered in chatwoot/chatwoot, affecting all versions prior to 2.5.0. | network | low complexity | chatwoot | CWE-918 | 8.8 |
| 2024-11-15 | CVE-2021-3838 | Deserialization of Untrusted Data vulnerability in Dompdf Project Dompdf | DomPDF before version 2.0.0 is vulnerable to PHAR deserialization due to a lack of checking on the protocol before passing it into the file_get_contents() function. | network | low complexity | dompdf-project | CWE-502 | critical 9.8 |
| 2024-11-15 | CVE-2021-3841 | Cross-site Scripting vulnerability in Sylius | sylius/sylius versions prior to 1.9.10, 1.10.11, and 1.11.2 are vulnerable to stored cross-site scripting (XSS) through SVG files. | network | low complexity | sylius | CWE-79 | 5.4 |
| 2024-11-15 | CVE-2021-3902 | XXE vulnerability in Dompdf Project Dompdf | An improper restriction of external entities (XXE) vulnerability in dompdf/dompdf's SVG parser allows for Server-Side Request Forgery (SSRF) and deserialization attacks. | network | low complexity | dompdf-project | CWE-611 | critical 9.8 |
| 2024-11-15 | CVE-2021-3986 | Information Exposure Through an Error Message vulnerability in Janeczku Calibre-Web | A vulnerability in janeczku/calibre-web allows unauthorized users to view the names of private shelves belonging to other users. | network | low complexity | janeczku | CWE-209 | 4.3 |
| 2024-11-15 | CVE-2021-3987 | Missing Authorization vulnerability in Janeczku Calibre-Web | An improper access control vulnerability exists in janeczku/calibre-web. | network | low complexity | janeczku | CWE-862 | 4.3 |
| 2024-11-15 | CVE-2021-3988 | Cross-site Scripting vulnerability in Janeczku Calibre-Web | A Cross-site Scripting (XSS) vulnerability exists in janeczku/calibre-web, specifically in the file `edit_books.js`. | network | low complexity | janeczku | CWE-79 | 6.1 |
| 2024-11-15 | CVE-2021-3991 | Authorization Bypass Through User-Controlled Key vulnerability in Dolibarr Erp/Crm | An Improper Authorization vulnerability exists in Dolibarr versions prior to the 'develop' branch. | network | low complexity | dolibarr | CWE-639 | 4.3 |
| 2024-11-15 | CVE-2022-1226 | Cross-site Scripting vulnerability in PHPipam | A Cross-Site Scripting (XSS) vulnerability in phpipam/phpipam versions prior to 1.4.7 allows attackers to execute arbitrary JavaScript code in the browser of a victim. | network | low complexity | phpipam | CWE-79 | 4.8 |