Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-08-18 CVE-2021-30071 Cross-site Scripting vulnerability in Hestiacp
A cross-site scripting (XSS) vulnerability in /admin/list_key.html of HestiaCP before v1.3.5 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
network
hestiacp CWE-79
4.3
2022-07-27 CVE-2022-36880 Cross-site Scripting vulnerability in Webmin Usermin
The Read Mail module in Webmin 1.995 and Usermin through 1.850 allows XSS via a crafted HTML e-mail message.
network
webmin CWE-79
4.3
2022-07-17 CVE-2022-26352 Unrestricted Upload of File with Dangerous Type vulnerability in Dotcms
An issue was discovered in the ContentResource API in dotCMS 3.0 through 22.02.
network
dotcms CWE-434
6.8
2022-07-17 CVE-2022-29286 Allocation of Resources Without Limits or Throttling vulnerability in Pexip Infinity
Pexip Infinity 27 before 28.0 allows remote attackers to trigger excessive resource consumption and termination because of registrar resource mishandling.
network
low complexity
pexip CWE-770
5.0
2022-07-17 CVE-2022-25357 Exposure of Resource to Wrong Sphere vulnerability in Pexip Infinity 27.0/27.1
Pexip Infinity 27.x before 27.2 has Improper Access Control.
network
low complexity
pexip CWE-668
5.0
2022-07-17 CVE-2022-26654 Injection vulnerability in Pexip Infinity
Pexip Infinity before 27.3 allows remote attackers to force a software abort via HTTP.
network
low complexity
pexip CWE-74
5.0
2022-07-17 CVE-2022-26655 Improper Input Validation vulnerability in Pexip Infinity 27.0/27.1/27.2
Pexip Infinity 27.x before 27.3 has Improper Input Validation.
network
low complexity
pexip CWE-20
5.0
2022-07-17 CVE-2022-26656 Unspecified vulnerability in Pexip Infinity
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort, and possibly enumerate usernames, via One Touch Join.
network
low complexity
pexip
6.4
2022-07-17 CVE-2022-26657 Unspecified vulnerability in Pexip Infinity
Pexip Infinity before 27.3 allows remote attackers to trigger a software abort via One Touch Join.
network
low complexity
pexip
5.0
2022-07-17 CVE-2022-27928 Unspecified vulnerability in Pexip Infinity 27.0/27.1/27.2
Pexip Infinity 27.x before 27.3 allows remote attackers to trigger a software abort via the Session Initiation Protocol.
network
low complexity
pexip
5.0