CVE-2021-23415
This affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to…
CVE-2021-23416
This affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user…
CVE-2021-23417
All versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.
CVE-2021-37450 (ivm_attendant)
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /ogmprop?id= (reflected).
CVE-2021-37451 (ivm_attendant)
Cross Site Scripting (XSS) exists in NCH IVM Attendant v5.12 and earlier via /msglist?mbx= (reflected).
CVE-2021-37453 (axon_pbx)
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the extension name (stored).
CVE-2021-37454 (axon_pbx)
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the line name (stored).
CVE-2021-37455 (axon_pbx)
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the outbound dialing plan (stored).
CVE-2021-37457 (axon_pbx)
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the SipRule field (stored).
CVE-2021-37456 (axon_pbx)
Cross Site Scripting (XSS) exists in NCH Axon PBX v2.22 and earlier via the blacklist IP address (stored).