Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-26 | CVE-2021-23889 | Cross-site Scripting vulnerability in McAfee ePolicy Orchestrator: Cross-Site Scripting vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 allows ePO administrators to inject arbitrary web script or HTML via multiple parameters where the administrator's entries were not correctly sanitized. | 4.8 |
2021-03-26 | CVE-2021-23888 | Open Redirect vulnerability in McAfee ePolicy Orchestrator: Unvalidated client-side URL redirect vulnerability in McAfee ePolicy Orchestrator (ePO) prior to 5.10 Update 10 could cause an authenticated ePO user to load an untrusted site in an ePO iframe which could steal information from the authenticated user. | 6.3 |
2021-03-26 | CVE-2021-20683 | Cross-site Scripting vulnerability in baserCMS: Improper neutralization of JavaScript input in the blog article editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | 3.5 |
2021-03-26 | CVE-2021-20682 | OS Command Injection vulnerability in baserCMS: baserCMS versions prior to 4.4.5 allows a remote attacker with an administrative privilege to execute arbitrary OS commands via unspecified vectors. | 9.0 |
2021-03-26 | CVE-2021-20681 | Cross-site Scripting vulnerability in baserCMS: Improper neutralization of JavaScript input in the page editing function of baserCMS versions prior to 4.4.5 allows remote authenticated attackers to inject an arbitrary script via unspecified vectors. | 3.5 |
2021-03-26 | CVE-2021-20677 | Unspecified vulnerability in Necplatforms products: UNIVERGE Aspire series PBX (UNIVERGE Aspire WX from 1.00 to 3.51, UNIVERGE Aspire UX from 1.00 to 9.70, UNIVERGE SV9100 from 1.00 to 10.70, and SL2100 from 1.00 to 3.00) allows a remote authenticated attacker to cause system down and a denial of service (DoS) condition by sending a specially crafted command. | 3.5 |
2021-03-26 | CVE-2021-28250 | Improper Privilege Management vulnerability in CA eHealth Performance Manager: CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a setuid (and/or setgid) file. | 7.8 |
2021-03-26 | CVE-2021-28249 | Untrusted Search Path vulnerability in CA eHealth Performance Manager: CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. | 8.8 |
2021-03-26 | CVE-2021-28248 | Improper Restriction of Excessive Authentication Attempts vulnerability in Broadcom eHealth: CA eHealth Performance Manager through 6.3.2.12 is affected by Improper Restriction of Excessive Authentication Attempts. | 7.5 |
2021-03-26 | CVE-2021-28247 | Cross-site Scripting vulnerability in CA eHealth Performance Manager: CA eHealth Performance Manager through 6.3.2.12 is affected by Cross Site Scripting (XSS). | 5.4 |