CVSS: 6.1EPSS: 0%CPEs: 6EXPL: 1CVE-2021-30134
https://notcve.org/view.php?id=CVE-2021-30134
php-mod/curl (a wrapper of the PHP cURL extension) before 2.3.2 allows XSS via the post_file_path_upload.php key parameter and the POST data to post_multidimensional.php. php-mod/curl (un contenedor de la extensión PHP cURL) anterior a 2.3.2 permite XSS a través del parámetro clave post_file_path_upload.php y los datos POST en post_multidimensional.php. • https://wpscan.com/vulnerability/0b547728-27d2-402e-ae17-90d539344ec7 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.8EPSS: 0%CPEs: 3EXPL: 0CVE-2011-4770
https://notcve.org/view.php?id=CVE-2011-4770
The QIWI Wallet (ru.mw) application before 1.14.2 for Android does not properly protect data, which allows remote attackers to read or modify financial information via a crafted application. La aplicación QIWI Wallet (ru.mw) anterior a v1.14.2 para Android no protege correctamente los datos, lo que permite a atacantes remotos leer o modificar información financiera a través de una aplicación modificada. • http://www4.comp.polyu.edu.hk/~appsec/bugs/CVE-2011-4770-vulnerability-in-QIWIWallet.html • CWE-264: Permissions, Privileges, and Access Controls •