CVE-2021-37450
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).
Source: CVE-2021-37450
CVE-2021-37452
NCH Quorum v2.03 and earlier allows local users to discover cleartext login information relating to users by reading the local .dat configuration files.
Source: CVE-2021-37452
CVE-2021-37453
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).
Source: CVE-2021-37453
CVE-2021-37455
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored).
Source: CVE-2021-37455
CVE-2021-37454
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).
Source: CVE-2021-37454
CVE-2021-37456
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored).
Source: CVE-2021-37456
CVE-2021-37451
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).
Source: CVE-2021-37451
CVE-2021-3663
firefly-iii is vulnerable to Improper Restriction of Excessive Authentication Attempts.
Source: CVE-2021-3663
CVE-2021-23413
This affects the package jszip before 3.7.0.
Crafting a new zip file with filenames set to Object prototype values (e.g., __proto__, toString, etc.) results in a returned object with a modified prototype instance.
Source: CVE-2021-23413
CVE-2021-37436
Amazon Echo Dot devices through 2021-07-02 sometimes allow attackers, who have physical access to a device after a factory reset, to obtain sensitive information via a series of complex hardware and software attacks. NOTE: reportedly, there were vendor marketing statements about safely removing personal content via a factory reset. Also, the vendor has reportedly indicated that they are working on mitigations.
Source: CVE-2021-37436