Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-20 | CVE-2021-44829 | Cross Site Scripting (XSS) vulnerability exists in index.html in AFI WebACMS through 2.1.0 via the the ID parameter. network CWE-79 | 4.3 |
| 2022-01-20 | CVE-2021-46028 | Cross-Site Request Forgery (CSRF) vulnerability in Mblog Project Mblog In mblog <= 3.5.0 there is a CSRF vulnerability in the background article management. | 4.3 |
| 2022-01-19 | CVE-2021-46027 | Cross-Site Request Forgery (CSRF) vulnerability in Mysiteforme Project Mysiteforme mysiteforme, as of 19-12-2022, has a CSRF vulnerability in the background blog management. | 4.3 |
| 2022-01-19 | CVE-2021-4143 | Cross-site Scripting vulnerability in Bigbluebutton Cross-site Scripting (XSS) - Generic in GitHub repository bigbluebutton/bigbluebutton prior to 2.4.0. | 4.3 |
| 2022-01-19 | CVE-2021-26247 | Cross-site Scripting vulnerability in Cacti 0.8.7G As an unauthenticated remote user, visit "http://<CACTI_SERVER>/auth_changepassword.php?ref=<script>alert(1)</script>" to successfully execute the JavaScript payload present in the "ref" URL parameter. | 4.3 |
| 2022-01-19 | CVE-2021-44777 | Cross-Site Request Forgery (CSRF) vulnerability in Email Tracker Project Email Tracker Cross-Site Request Forgery (CSRF) vulnerabilities leading to single or bulk e-mail entries deletion discovered in Email Tracker WordPress plugin (versions <= 5.2.6). | 4.3 |
| 2022-01-19 | CVE-2022-23046 | SQL Injection vulnerability in PHPipam 1.4.4 PhpIPAM v1.4.4 allows an authenticated admin user to inject SQL sentences in the "subnet" parameter while searching a subnet via app/admin/routing/edit-bgp-mapping-search.php | 6.5 |
| 2022-01-19 | CVE-2021-46203 | Path Traversal vulnerability in Taogogo Taocms 3.0.2 Taocms v3.0.2 was discovered to contain an arbitrary file read vulnerability via the path parameter. | 4.0 |
| 2022-01-19 | CVE-2022-22310 | Use of a Broken or Risky Cryptographic Algorithm vulnerability in IBM Websphere Application Server 21.0.0.10/21.0.0.12 IBM WebSphere Application Server Liberty 21.0.0.10 through 21.0.0.12 could provide weaker than expected security. | 6.4 |
| 2022-01-19 | CVE-2021-44837 | Exposure of Resource to Wrong Sphere vulnerability in Deltarm Delta RM 1.2 An issue was discovered in Delta RM 1.2. | 4.0 |