CVE-2021-20843

MEDIUM Year: 2021
CVSS v3 Score
5.4
Medium
CVSS v2 Score
3.5
Low
Weakness Type
CWE-829
View all →

Vulnerability Description

Cross-site script inclusion vulnerability in the Web GUI of RTX830 Rev.15.02.17 and earlier, NVR510 Rev.15.01.18 and earlier, NVR700W Rev.15.00.19 and earlier, and RTX1210 Rev.14.01.38 and earlier allows a remote authenticated attacker to alter the settings of the product via a specially crafted web page.

Related Vulnerabilities

CVE-2019-16951

MEDIUM
CVSS:5.3(Medium)

A remote file include (RFI) issue was discovered in Enghouse Web Chat 6.2.284.34. One can replace the localhost attribute with one's own domain name. When the product calls this domain after the POST ...

CWE-8292019

CVE-2021-29777

MEDIUM
CVSS:5.3(Medium)

IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5, under specific circumstance of a table being dropped while being accessed in another session, could a...

CWE-8292021

CVE-2022-24329

MEDIUM
CVSS:5.3(Medium)

In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects.

CWE-8292022

CVE-2022-24824

MEDIUM
CVSS:5.3(Medium)

Discourse is an open source platform for community discussion. In affected versions an attacker can poison the cache for anonymous (i.e. not logged in) users, such that the users are shown the crawler...

CWE-8292022

CVE-2022-31021

MEDIUM
CVSS:5.3(Medium)

Ursa is a cryptographic library for use with blockchains. A weakness in the Hyperledger AnonCreds specification that is not mitigated in the Ursa and AnonCreds implementations is that the Issuer does ...

CWE-8292022

CVE-2020-13977

MEDIUM
CVSS:4.9(Medium)

Nagios 4.4.5 allows an attacker, who already has administrative access to change the "URL for JSON CGIs" configuration setting, to modify the Alert Histogram and Trends code via crafted versions of th...

CWE-8292020