CVE-2021-39394
https://notcve.org/view.php?id=CVE-2021-39394
mm-wiki v0.2.1 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability that allows attackers to arbitrarily add user accounts and modify user information. • https://github.com/phachon/mm-wiki/issues/316 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-39393
https://notcve.org/view.php?id=CVE-2021-39393
mm-wiki v0.2.1 was discovered to contain a cross-site scripting (XSS) vulnerability via the markdown editor. • https://github.com/phachon/mm-wiki/issues/315 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-46252
https://notcve.org/view.php?id=CVE-2021-46252
A Cross-Site Request Forgery (CSRF) in RequirementsBypassPage.php of Scratch Wiki scratch-confirmaccount-v3 allows attackers to modify account request requirement bypasses. • https://github.com/InternationalScratchWiki/scratch-confirmaccount-v3/commit/5ed5479de0a279377aa9f64362481efb4e75d8f9 https://github.com/InternationalScratchWiki/scratch-confirmaccount-v3/pull/155 • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-25986 – Django-wiki - Stored Cross-Site Scripting (XSS) in Notifications Section
https://notcve.org/view.php?id=CVE-2021-25986
In Django-wiki, versions 0.0.20 to 0.7.8 are vulnerable to Stored Cross-Site Scripting (XSS) in the Notifications section. An attacker who has access to edit pages can inject a JavaScript payload in the title field. When a victim gets a notification regarding the changes made in the application, the payload in the notification panel renders and loads external JavaScript. • https://github.com/django-wiki/django-wiki/commit/9eaccc7519e4206a4d2f22640882f0737b2da9c5 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25986 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2021-24470 – Yada Wiki < 3.4.1 - Contributor+ Stored XSS
https://notcve.org/view.php?id=CVE-2021-24470
The Yada Wiki WordPress plugin before 3.4.1 did not sanitise, validate or escape the anchor attribute of its shortcode, leading to a Stored Cross-Site Scripting issue. • https://wpscan.com/vulnerability/b01a85cc-0e45-4183-a916-19476354d5d4 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')