CVE-2021-22957

HIGH Year: 2021
CVSS v3 Score
8.8
High
CVSS v2 Score
6.8
Medium
Weakness Type
CWE-16
View all →

Vulnerability Description

A Cross-Origin Resource Sharing (CORS) vulnerability found in UniFi Protect application Version 1.19.2 and earlier allows a malicious actor who has convinced a privileged user to access a URL with malicious code to take over said user’s account.This vulnerability is fixed in UniFi Protect application Version 1.20.0 and later.

Related Vulnerabilities

CVE-2017-12249

CRITICAL
CVSS:9.1(Critical)

A vulnerability in the Traversal Using Relay NAT (TURN) server included with Cisco Meeting Server (CMS) could allow an authenticated, remote attacker to gain unauthenticated or unauthorized access to ...

CWE-162017

CVE-2021-31381

CRITICAL
CVSS:9.1(Critical)

A configuration weakness in the JBoss Application Server (AppSvr) component of Juniper Networks SRC Series allows a remote attacker to send a specially crafted query to cause the web server to delete ...

CWE-162021

CVE-2023-39385

CRITICAL
CVSS:9.1(Critical)

Vulnerability of configuration defects in the media module of certain products.. Successful exploitation of this vulnerability may cause unauthorized access.

CWE-162023

CVE-2018-0262

HIGH
CVSS:8.1(High)

A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain unauthorized access to components of, or sensitive information in, an affected system, leading to Remote...

CWE-162018

CVE-2022-29095

CRITICAL
CVSS:9.6(Critical)

Dell SupportAssist Client Consumer versions (3.10.4 and prior) and Dell SupportAssist Client Commercial versions (3.1.1 and prior) contain a cross-site scripting vulnerability. A remote unauthenticate...

CWE-162022

CVE-2015-9197

CRITICAL
CVSS:9.8(Critical)

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD ...

CWE-162015