CVE-2021-32828

MEDIUM Year: 2021
CVSS v3 Score
6.1
Medium
Weakness Type
CWE-502
View all →

Vulnerability Description

The Nuxeo Platform is an open source content management platform for building business applications. In version 11.5.109, the `oauth2` REST API is vulnerable to Reflected Cross-Site Scripting (XSS). This XSS can be escalated to Remote Code Execution (RCE) by levering the automation API.

Related Vulnerabilities

CVE-2025-46567

MEDIUM
CVSS:6.1(Medium)

LLama Factory enables fine-tuning of large language models. Prior to version 1.0.0, a critical vulnerability exists in the `llamafy_baichuan2.py` script of the LLaMA-Factory project. The script perfor...

CWE-5022025

CVE-2023-52357

MEDIUM
CVSS:6.2(Medium)

Vulnerability of serialization/deserialization mismatch in the vibration framework.Successful exploitation of this vulnerability may affect availability.

CWE-5022023

CVE-2024-34075

MEDIUM
CVSS:6.2(Medium)

kurwov is a fast, dependency-free library for creating Markov Chains. An unsafe sanitization of dataset contents on the `MarkovData#getNext` method used in `Markov#generate` and `Markov#choose` allows...

CWE-5022024

CVE-2025-2251

MEDIUM
CVSS:6.2(Medium)

A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deseri...

CWE-5022025

CVE-2025-31935

MEDIUM
CVSS:6.2(Medium)

Subnet Solutions PowerSYSTEM Center is affected by a mishandling of exceptional conditions vulnerability. Crafted data that is passed to the API may trigger an exception, resulting in a denial-of-serv...

CWE-5022025

CVE-2019-12384

MEDIUM
CVSS:5.9(Medium)

FasterXML jackson-databind 2.x before 2.9.9.1 might allow attackers to have a variety of impacts by leveraging failure to block the logback-core class from polymorphic deserialization. Depending on th...

CWE-5022019