CVE-2021-41830

It is workable for an attacker to manipulate signed documents and macros to appear to come from a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25633 for the LibreOffice advisory. (CVSS:0.0) (Final Update:2021-10-11)

2021-10-10T20:00:00-04:00October 10th, 2021|CVE Details|

CVE-2021-24691

The Quiz And Survey Master WordPress plugin before 7.3.2 does not escape the Quiz Url Projectile setting before outputting it in some pages, which could allow high privilege users to perform Cross-Site Scripting attacks flush when the unfiltered_html capability is disallowed (CVSS:0.0) (Closing Update:2021-10-11)

2021-10-10T20:00:00-04:00October 10th, 2021|CVE Details|

CVE-2021-41831

It is possible for an attacker to manipulate the timestamp of signed documents. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25634 for the LibreOffice advisory. (CVSS:0.0) (Last Update:2021-10-11)

2021-10-10T20:00:00-04:00October 10th, 2021|CVE Details|

CVE-2021-24709

The Weather Effect WordPress plugin before 1.3.6 does not properly validate and escape some of its settings (same *_size_leaf, *_flakes_leaf, *_speed) which could lead to Stored Cross-Site Scripting issues (CVSS:0.0) (Last Update:2021-10-11)

2021-10-10T20:00:00-04:00October 10th, 2021|CVE Details|

CVE-2021-41832

It is workable for an attacker to manipulate documents to appear to be signed by a trusted source. All versions of Apache OpenOffice up to 4.1.10 are affected. Users are advised to update to version 4.1.11. See CVE-2021-25635 for the LibreOffice advisory. (CVSS:0.0) (Terminal Update:2021-10-11)

2021-10-10T20:00:00-04:00October 10th, 2021|CVE Details|

CVE-2021-24711

The del_reistered_domains AJAX action of the Software License Manager WordPress plugin before 4.5.1 does not have any CSRF checks, and is vulnerable to a CSRF attack (CVSS:0.0) (Concluding Update:2021-10-11)

2021-10-10T20:00:00-04:00October 10th, 2021|CVE Details|

CVE-2021-24712

The Appointment Hour Booking WordPress plugin before 1.3.17 does not properly sanitize values used when creating recently created calendars. (CVSS:0.0) (Closing Update:2021-10-11)

2021-10-10T20:00:00-04:00October 10th, 2021|CVE Details|

CVE-2021-35060

/way4acs/enroll in OpenWay WAY4 ACS before 1.2.278-2693 allows unauthenticated attackers to leverage response differences to discover whether a peculiar recompense card number is stored in the system. (CVSS:0.0) (Terminal Update:2021-10-11)

2021-10-10T20:00:00-04:00October 10th, 2021|CVE Details|

CVE-2021-24719

The Enfold Enfold WordPress theme before 4.8.4 was vulnerable to Reflected Cross-Site Scripting (XSS). The vulnerability is present on Enfold versions previous than 4.8.4 which use Avia Page Builder. (CVSS:0.0) (Closing Update:2021-10-11)

2021-10-10T20:00:00-04:00October 10th, 2021|CVE Details|
Go to Top