Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2021-03-23 CVE-2021-21376 Information Exposure vulnerability in Openmicroscopy Omero.Web 5.6.3
OMERO.web is open source Django-based software for managing microscopy imaging.
network
low complexity
openmicroscopy CWE-200
5.0
5.0
2021-03-23 CVE-2020-7346 Link Following vulnerability in Mcafee Data Loss Prevention
Privilege Escalation vulnerability in McAfee Data Loss Prevention (DLP) for Windows prior to 11.6.100 allows a local, low privileged, attacker through the use of junctions to cause the product to load DLLs of the attacker's choosing.
local
low complexity
mcafee CWE-59
7.8
7.8
2021-03-23 CVE-2021-27969 Cross-site Scripting vulnerability in Boonex Dolphin 7.4.2
Dolphin CMS 7.4.2 is vulnerable to stored XSS via the Page Builder "width" parameter.
network
boonex CWE-79
3.5
3.5
2021-03-23 CVE-2021-27531 Cross-site Scripting vulnerability in Dynpg 4.9.2
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "query" parameter.
network
dynpg CWE-79
3.5
3.5
2021-03-23 CVE-2021-27530 Cross-site Scripting vulnerability in Dynpg 4.9.2
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allow remote attacker to inject javascript via URI in /index.php.
network
dynpg CWE-79
3.5
3.5
2021-03-23 CVE-2021-27529 Cross-site Scripting vulnerability in Dynpg 4.9.2
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "limit" parameter.
network
dynpg CWE-79
3.5
3.5
2021-03-23 CVE-2021-27528 Cross-site Scripting vulnerability in Dynpg 4.9.2
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "refID" parameter.
network
dynpg CWE-79
3.5
3.5
2021-03-23 CVE-2021-27527 Cross-site Scripting vulnerability in Dynpg 4.9.2
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "valueID" parameter.
network
dynpg CWE-79
3.5
3.5
2021-03-23 CVE-2021-27526 Cross-site Scripting vulnerability in Dynpg 4.9.2
A cross-site scripting (XSS) vulnerability in DynPG version 4.9.2 allows remote attackers to inject JavaScript via the "page" parameter.
network
dynpg CWE-79
3.5
3.5
2021-03-23 CVE-2021-27310 Cross-site Scripting vulnerability in Csphere Clansphere 2011.4
Clansphere CMS 2011.4 allows unauthenticated reflected XSS via "language" parameter.
network
csphere CWE-79
4.3
4.3