OnionShare 2.3.0/2.3.1/2.3.2/2.3.3 Chat information disclosure
A vulnerability classified as problematic has been found in OnionShare 2.3.0/2.3.1/2.3.2/2.3.3. Affected is an unknown code block of the component Chat Handler. Upgrading to version 2.4 eliminates this vulnerability. The upgrade is hosted for download at github.com.
Adobe XMP Toolkit SDK up to 2020.1 CPP File heap-based overflow
A vulnerability classified as critical was found in Adobe XMP Toolkit SDK up to 2020.1. Affected by this vulnerability is some unknown processing of the component CPP File Handler. Upgrading eliminates this vulnerability.
OnionShare 2.3.0/2.3.1/2.3.2/2.3.3 Receive unrestricted upload
A vulnerability, which was classified as critical, has been found in OnionShare 2.3.0/2.3.1/2.3.2/2.3.3. Affected by this issue is an unknown function of the component Receive Handler. Upgrading to version 2.4 eliminates this vulnerability. The upgrade is hosted for download at github.com.
Gila CMS 2.2.0 Picture Name resource injection
A vulnerability, which was classified as problematic, was found in Gila CMS 2.2.0 (Content Management System). This affects unknown functionality of the component Picture Name Handler. No information about possible countermeasures is available. Replacing the affected object with an alternative product may be advisable.
Laravel Booking System Booking Core 2.0 Avatar Upload cross site scripting
A vulnerability has been found in Laravel Booking System Booking Core 2.0 and classified as problematic. This vulnerability affects some unknown functionality of the component Avatar Upload Handler. No information about possible countermeasures is available. Replacing the affected object with an alternative product may be advisable.
Laravel Booking System Booking Core 2.0 Verification Page access control
A vulnerability was found in Laravel Booking System Booking Core 2.0 and classified as problematic. This issue affects an unknown part of the component Verification Page. No information about possible countermeasures is available. Replacing the affected object with an alternative product may be advisable.
Laravel Booking System Booking Core 2.0 Password Change change-password user session
A vulnerability was found in Laravel Booking System Booking Core 2.0. It has been classified as critical. Affected is unknown code in the file sandbox.bookingcore.org/user/profile/change-password of the component Password Change Handler. No information about possible countermeasures is available. Replacing the affected object with an alternative product may be advisable.
IceHrm 30.0.0 user session [CVE-2021-38823]
A vulnerability was found in IceHrm 30.0.0. It has been declared as critical. Affected by this vulnerability is an unknown code block. No information about possible countermeasures is available. Replacing the affected object with an alternative product may be advisable.
Calibre-Web up to 0.6.12 Metadata cross site scripting
A vulnerability was found in Calibre-Web up to 0.6.12. It has been rated as problematic. Affected by this issue is some unknown processing of the component Metadata Handler. Applying the patch 32e27712f0f71fdec646add20cd78b4ce75acfce eliminates this problem. The bugfix is ready for download at github.com.
IceHrm 30.0.0.OS File Upload cross site scripting
A vulnerability classified as problematic has been found in IceHrm 30.0.0.OS. This affects an unknown function of the component File Upload Handler. No information about possible countermeasures is available. Replacing the affected object with an alternative product may be advisable.
Meow Gallery Plugin up to 4.1.8 on WordPress Shortcode sql injection
A vulnerability classified as critical has been found in Meow Gallery Plugin up to 4.1.8 on WordPress (Photo Gallery Software). This affects an unknown part of the component Shortcode Handler. Upgrading to version 4.1.9 eliminates this vulnerability.
User Registration Plugin up to 2.0.1 on WordPress user_registration_update_profile_details user_registration_profile_pic_url cross site scripting
A vulnerability classified as problematic was found in User Registration Plugin up to 2.0.1 on WordPress (WordPress Plugin). This vulnerability affects the function user_registration_update_profile_details. Upgrading to version 2.0.2 eliminates this vulnerability.
Bitcoin Payment Gateway for WooCommerce Plugin up to 1.6.0 on WooCommerce All Masking Rules Page cross site scripting
A vulnerability, which was classified as problematic, has been found in Bitcoin Payment Gateway for WooCommerce Plugin up to 1.6.0 on WooCommerce (E-Commerce Management Software). This issue affects an unknown code block of the component All Masking Rules Page. Upgrading to version 1.6.1 eliminates this vulnerability.
Appointment Hour Booking Plugin up to 1.3.15 on WordPress Calendar Form Settings cross site scripting
A vulnerability, which was classified as problematic, was found in Appointment Hour Booking Plugin up to 1.3.15 on WordPress (Appointment Software). Affected is some unknown processing of the component Calendar Form Settings. Upgrading to version 1.3.16 eliminates this vulnerability.
Better Find and Replace Plugin up to 1.2.8 on WordPress All Masking Rules Page cross site scripting
A vulnerability has been found in Better Find and Replace Plugin up to 1.2.8 on WordPress (WordPress Plugin) and classified as problematic. Affected by this vulnerability is an unknown function of the component All Masking Rules Page. Upgrading to version 1.2.9 eliminates this vulnerability.
CM Tooltip Glossary Plugin up to 3.9.20 on WordPress Shortcode glossary_tooltip cross site scripting
A vulnerability was found in CM Tooltip Glossary Plugin up to 3.9.20 on WordPress (WordPress Plugin) and classified as problematic. Affected by this issue is an unknown functionality of the component Shortcode Handler. Upgrading to version 3.9.21 eliminates this vulnerability.
Modern Events Calendar Lite Plugin up to 5.22.1 on WordPress Attribute cross site scripting
A vulnerability was found in Modern Events Calendar Lite Plugin up to 5.22.1 on WordPress (Calendar Software). It has been classified as problematic. This affects some unknown functionality of the component Attribute Handler. Upgrading to version 5.22.2 eliminates this vulnerability.
SourceCodester Lodging Reservation Management System 1 Login username/password sql injection
A vulnerability was found in SourceCodester Lodging Reservation Management System 1. It has been declared as critical. This vulnerability affects an unknown part of the component Login. No information about possible countermeasures is available. Replacing the affected object with an alternative product may be advisable.
i-Panel Administration System 2.0 cross site scripting [CVE-2021-41878]
A vulnerability was found in i-Panel Administration System 2.0. It has been rated as problematic. This issue affects unknown code. No information about possible countermeasures is available. Replacing the affected object with an alternative product may be advisable.
Cobbler up to 3.2.x Template injection
A vulnerability, which was classified as critical, has been found in Cobbler up to 3.2.x. Affected by this issue is an unknown part of the component Template Handler. Upgrading to version 3.3.0 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch d8f60bbf14a838c8c8a1dba98086b223e35fe70a eliminates this problem. The bugfix […]
Operations up to 3.2.x upload_log_data Privilege Escalation
A vulnerability, which was classified as critical, was found in Operations up to 3.2.x. Upgrading to version 3.3.0 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch d8f60bbf14a838c8c8a1dba98086b223e35fe70a eliminates this problem. The bugfix is ready for download at github.com. The best possible mitigation is suggested to be […]
Cobbler up to 3.2.x Setting authorization
A vulnerability has been found in Cobbler up to 3.2.x and classified as critical. This vulnerability affects an unknown code block of the component Setting Handler. Upgrading to version 3.3.0 eliminates this vulnerability. The upgrade is hosted for download at github.com. Applying the patch d8f60bbf14a838c8c8a1dba98086b223e35fe70a eliminates this problem. The bugfix is ready […]
Polycom Poly VVX 400/Poly VVX 410 up to 5.3.1 POST Parameter access control
A vulnerability was found in Polycom Poly VVX 400 and Poly VVX 410 up to 5.3.1 and classified as critical. This issue affects some unknown processing of the component POST Parameter Handler. No information about possible countermeasures is available. Replacing the affected object with an alternative product may be advisable.
Ballistix MOD Utility up to 2.0.2.5 Driver MODAPI.sys MmMapIoSpace access control
A vulnerability was found in Ballistix MOD Utility up to 2.0.2.5. It has been classified as critical. Affected is the function MmMapIoSpace in the library MODAPI.sys of the component Driver. No information about possible countermeasures is available. Replacing the affected object with an alternative product may be advisable.