Cartoon Caption Winner: Something Seems Afoul

Enterprise Vulnerabilities
From DHS/US-CERT’s National Vulnerability Database CVE-2021-28924
PUBLISHED: 2021-04-08

Self Authenticated XSS in Nagios Network Analyzer before 2.4.2 via the nagiosna/groups/queries page.

CVE-2021-28925
PUBLISHED: 2021-04-08

SQL injection vulnerability in Nagios Network Analyzer before 2.4.3 via the o[col] parameter to api/checks/read/.

CVE-2021-20480
PUBLISHED: 2021-04-08

IBM WebSphere Application Server 7.0, 8.0, and 8.5 is vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, a remote authenticated attacker could exploit this vulnerability to obtain sensitive data. IBM X-Force ID: 197502.

CVE-2021-30111
PUBLISHED: 2021-04-08

A stored XSS vulnerability exists in Web-School ERP V 5.0 via (Add Events) in the event name and description fields. An attack can inject a JavaScript code that will be stored in the page. If any visitor sees the events, then the payload will be executed.

CVE-2021-30112
PUBLISHED: 2021-04-08

Web-School ERP V 5.0 contains a cross-site request forgery (CSRF) vulnerability that allows a remote attacker to create a student_leave_application request through module/core/studentleaveapplication/create. The application fails to validate the CSRF token for a POST request using Guardian privilege…

Read More HERE

0

Leave a Reply