XSS in the client account page in SuiteCRM before 7.11.19 allows an attacker to inject JavaScript via the name field.
Source: NIST
CVE-2021-31792
April 2021
CVE-2021-31935
OX App Suite 7.10.4 and earlier allows XSS via a crafted distribution list (payload in the common name) that is mishandled in the scheduling view.
Source: NIST
CVE-2020-28943
OX App Suite 7.10.4 and earlier allows SSRF via a snippet.
Source: NIST
CVE-2021-31934
OX App Suite 7.10.4 and earlier allows XSS via a crafted contact object (payload in the position or company field) that is mishandled in the App Suite UI on a smartphone.
Source: NIST
CVE-2020-28944
OX Guard 2.10.4 and earlier allows a Denial of Service via a WKS server that responds slowly or with a large amount of data.
Source: NIST
CVE-2021-31933
A remote code execution vulnerability exists in Chamilo through 1.11.14 due to improper input sanitization of a parameter used for file uploads, and improper file-extension filtering for certain filenames (e.g., .phar or .pht). A remote authenticated administrator is able to upload a file containing arbitrary PHP code into specific directories via main/inc/lib/fileUpload.lib.php directory traversal to achieve PHP code execution.
Source: NIST
CVE-2021-21230 (chrome)
Type confusion in V8 in Google Chrome prior to 90.0.4430.93 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Source: NIST
CVE-2021-21539
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a Time-of-check Time-of-use (TOCTOU) race condition vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to gain elevated privileges when a user with higher privileges is simultaneously accessing iDRAC through the web interface.
Source: NIST
CVE-2021-21540
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a stack-based overflow vulnerability. A remote authenticated attacker could potentially exploit this vulnerability to overwrite configuration information by injecting an arbitrarily large payload.
Source: NIST
CVE-2021-21541
Dell EMC iDRAC9 versions prior to 4.40.00.00 contain a DOM-based cross-site scripting vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability by tricking a victim application user into supplying malicious HTML or JavaScript code to the DOM environment in the browser. The malicious code is then executed by the web browser in the context of the vulnerable web application.
Source: NIST