Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-01-20 CVE-2021-44829 Cross Site Scripting (XSS) vulnerability exists in index.html in AFI WebACMS through 2.1.0 via the ID parameter.
network
CWE-79
4.3
2022-01-20 CVE-2021-46028 Cross-Site Request Forgery (CSRF) vulnerability in Mblog Project Mblog
In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management.
4.3
2022-01-19 CVE-2021-46027 Cross-Site Request Forgery (CSRF) vulnerability in Mysiteforme Project Mysiteforme
mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management.
4.3
2022-01-19 CVE-2021-4143 Cross-site Scripting vulnerability in Bigbluebutton
Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton prior to 2.4.0.
4.3
2022-01-19 CVE-2021-26247 Cross-site Scripting vulnerability in Cacti 0.8.7G
As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter.
network
cacti CWE-79
4.3
2022-01-19 CVE-2021-44777 Cross-Site Request Forgery (CSRF) vulnerability in Email Tracker Project Email Tracker
Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions <= 5.2.6).
4.3
2022-01-19 CVE-2022-23046 SQL Injection vulnerability in PHPipam 1.4.4
PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL statements in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php.
network
low complexity
phpipam CWE-89
6.5
2022-01-19 CVE-2021-46203 Path Traversal vulnerability in Taogogo Taocms 3.0.2
Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter.
network
low complexity
taogogo CWE-22
4.0
2022-01-19 CVE-2022-22310 Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 21.0.0.10/21.0.0.12
IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security.
network
low complexity
ibm CWE-327
6.4
2022-01-19 CVE-2021-44837 Exposure of Resource to Wrong Sphere vulnerability in Deltarm Delta RM 1.2
An issue was discovered in Delta RM 1.2.
network
low complexity
deltarm CWE-668
4.0