CVE-2021-41140

MEDIUM Year: 2021
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-668
View all →

Vulnerability Description

Discourse-reactions is a plugin for the Discourse platform that allows user to add their reactions to the post. In affected versions reactions given by user to secure topics and private messages are visible. This issue is patched in version 0.2 of discourse-reaction. Users who are unable to update are advised to disable the Discourse-reactions plugin in admin panel.

Related Vulnerabilities

CVE-2016-11006

MEDIUM
CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control for admin_init settings changes.

CWE-6682016

CVE-2016-11007

MEDIUM
CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_user_id for invoice retrieval.

CWE-6682016

CVE-2016-11008

MEDIUM
CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_paypal payer metadata updates.

CWE-6682016

CVE-2016-11009

MEDIUM
CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_interkassa payer metadata updates.

CWE-6682016

CVE-2016-11010

MEDIUM
CVSS:5.3(Medium)

The wp-invoice plugin before 4.1.1 for WordPress has incorrect access control over wpi_twocheckout payer metadata updates.

CWE-6682016

CVE-2016-5334

MEDIUM
CVSS:5.3(Medium)

VMware Identity Manager 2.x before 2.7.1 and vRealize Automation 7.x before 7.2.0 allow remote attackers to read /SAAS/WEB-INF and /SAAS/META-INF files via unspecified vectors.

CWE-6682016