CVE-2021-41318
published 2021-09-28
CVE-2021-41318: In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated…
Priority: P3 · 44 · medium · 6.1 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EXPLOIT
EPSS: 5.88% (92.3th percentile)
In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| progress | whatsupgold | < 21.1.0 | 21.1.0 |
CVSS provenance
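| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:P/A:N |
| osv | | 7.5 | HIGH | |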
OSV
squid3 vulnerabilities
osv·2024-06-27·CVSS 7.5
CVE-2021-28651 squid3 vulnerabilities
Joshua Rogers discovered that Squid incorrectly handled requests with the
urn: scheme. A remote attacker could possibly use this issue to cause
Squid to consume resources, leading to a denial of service. This issue
only affected Ubuntu 16.04 LTS. (CVE-2021-28651)
It was discovered that Squid incorrectly handled SSPI and SMB
authentication. A remote attacker could use this issue to cause Squid to
crash, resulting in a denial of service, or possibly obtain sensitive
information. This issue only affected Ubuntu 16.04 LTS. (CVE-2022-41318)
Joshua Rogers discovered that Squid incorrectly handled HTTP message
processing. A remote attacker could possibly use this issue to cause
Squid to crash, resulting in a denial of service. (CVE-2023-49285)
Joshua Rogers discovered t
GHSA
GHSA-g44x-884w-mh6f: In Progress WhatsUp Gold prior to version 21
ghsa_unreviewed·2022-05-24
CVE-2021-41318 [MEDIUM] CWE-79 GHSA-g44x-884w-mh6f: In Progress WhatsUp Gold prior to version 21
In Progress WhatsUp Gold prior to version 21.1.0, an application endpoint failed to adequately sanitize malicious input, which could allow an unauthenticated attacker to execute arbitrary code in a victim's browser.
No detection rules found.
No writeups or analysis indexed.
http://packetstormsecurity.com/files/164359/WhatsUpGold-21.0.3-Cross-Site-Scripting.html
https://knowledgebase.progress.com/articles/Knowledge/WhatsUp-Gold-Security-Bulletin-September-2021
2021-09-28
Published