CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1CVE-2021-37271
https://notcve.org/view.php?id=CVE-2021-37271
Cross Site Scripting (XSS) vulnerability exists in UEditor v1.4.3.3, which can be exploited by an attacker to obtain user cookie information. Se presenta una vulnerabilidad de tipo Cross Site Scripting (XSS) en UEditor versión v1.4.3.3, que puede ser explotada por un atacante para conseguir información de las cookies del usuario • https://www.cnvd.org.cn/flaw/show/3243916 https://www.freebuf.com/vuls/269956.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-39227 – Fix prototype pollution in the zrender merge and clone helper methods
https://notcve.org/view.php?id=CVE-2021-39227
ZRender is a lightweight graphic library providing 2d draw for Apache ECharts. In versions prior to 5.2.1, using `merge` and `clone` helper methods in the `src/core/util.ts` module results in prototype pollution. It affects the popular data visualization library Apache ECharts, which uses and exports these two methods directly. The GitHub Security Advisory page for this vulnerability contains a proof of concept. This issue is patched in ZRender version 5.2.1. • https://github.com/ecomfe/zrender/pull/826 https://github.com/ecomfe/zrender/releases/tag/5.2.1 https://github.com/ecomfe/zrender/security/advisories/GHSA-fhv8-fx5f-7fxf • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-22741
https://notcve.org/view.php?id=CVE-2020-22741
An issue was discovered in Xuperchain 3.6.0 that allows for attackers to recover any arbitrary users' private key after obtaining the partial signature in multisignature. Se ha detectado un problema en Xuperchain versiones 3.6.0, que permite a atacantes recuperar la clave privada de cualquier usuario arbitrario después de obtener la firma parcial en la multifirma • https://github.com/xuperchain/xuperchain/issues/782 • CWE-312: Cleartext Storage of Sensitive Information •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2020-18145
https://notcve.org/view.php?id=CVE-2020-18145
Cross Site Scripting (XSS) vulnerability in umeditor v1.2.3 via /public/common/umeditor/php/getcontent.php. Una vulnerabilidad de tipo Cross Site Scripting (XSS) en umeditor versión v1.2.3, por medio del archivo /public/common/umeditor/php/getcontent.php • https://github.com/fex-team/umeditor/issues/624 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.3EPSS: 0%CPEs: 1EXPL: 0CVE-2018-0692
https://notcve.org/view.php?id=CVE-2018-0692
Untrusted search path vulnerability in Baidu Browser Version 43.23.1000.500 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. Una vulnerabilidad de ruta de búsqueda no fiable en la versión 3.2.0.191 y anteriores de 43.23.1000.500 permite a los atacantes conseguir privilegios utilizando un archivo DLL troyano en un directorio no especificado. • http://jvn.jp/en/jp/JVN77885134/index.html • CWE-426: Untrusted Search Path •