How severe is CVE-2021-34630?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2021-34630?

This is classified as CWE-116, which is a common weakness in software security.

CVE-2021-34630

MEDIUM Year: 2021

CVSS v3 Score

6.1

Medium

CVSS v2 Score

4.3

Medium

Weakness Type

CWE-116

View all →

Vulnerability Description

In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtranslate_request_uri_var function runs at the top of all pages and echoes out the contents of $_SERVER['REQUEST_URI']. Although this uses addslashes, and most modern browsers automatically URLencode requests, this plugin is still vulnerable to Reflected XSS in older browsers such as Internet Explorer 9 or below, or in cases where an attacker is able to modify the request en route between the client and the server, or in cases where the user is using an atypical browsing solution.

CVE-2017-18892

MEDIUM

CVSS:6.1(Medium)

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.

CWE-1162017

CVE-2021-21684

MEDIUM

CVSS:6.1(Medium)

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scriptin...

CWE-1162021

CVE-2021-41132

MEDIUM

CVSS:6.1(Medium)

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of saniti...

CWE-1162021

CVE-2021-43106

MEDIUM

CVSS:6.1(Medium)

A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25.The HTTP host header can be manipulated and cause t...

CWE-1162021

CVE-2022-0220

MEDIUM

CVSS:6.1(Medium)

The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/...

CWE-1162022

CVE-2022-0421

MEDIUM

CVSS:6.1(Medium)

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the ...

CWE-1162022

CVE-2021-34630

Vulnerability Description

Related Vulnerabilities

CVE-2017-18892

CVE-2021-21684

CVE-2021-41132

CVE-2021-43106

CVE-2022-0220

CVE-2022-0421