How severe is CVE-2021-43106?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.1 out of 10.

What type of vulnerability is CVE-2021-43106?

This is classified as CWE-116, which is a common weakness in software security.

CVE-2021-43106

MEDIUM Year: 2021

CVSS v3 Score

6.1

Medium

CVSS v2 Score

5.8

Medium

Weakness Type

CWE-116

View all →

Vulnerability Description

A Header Injection vulnerability exists in Compass Plus TranzWare Online FIMI Web Interface Tranzware Online (TWO) 5.3.33.3 F38 and FIMI 4.2.19.4 25.The HTTP host header can be manipulated and cause the application to behave in unexpected ways. Any changes made to the header would just cause the request to be sent to a completely different Domain/IP address. This is due to that the server implicitly trusts the Host header, and fails to validate or escape it properly. An attacker can use this input to redirect target users to a malicious domain/web page. This would result in expanding the potential to further attacks and malicious actions.

CVE-2017-18892

MEDIUM

CVSS:6.1(Medium)

An issue was discovered in Mattermost Server before 4.2.0, 4.1.1, and 4.0.5. E-mail templates can have a field in which HTML content is not neutralized.

CWE-1162017

CVE-2021-21684

MEDIUM

CVSS:6.1(Medium)

Jenkins Git Plugin 4.8.2 and earlier does not escape the Git SHA-1 checksum parameters provided to commit notifications when displaying them in a build cause, resulting in a stored cross-site scriptin...

CWE-1162021

CVE-2021-34630

MEDIUM

CVSS:6.1(Medium)

In the Pro and Enterprise versions of GTranslate < 2.8.65, the gtranslate_request_uri_var function runs at the top of all pages and echoes out the contents of $_SERVER['REQUEST_URI']. Although this us...

CWE-1162021

CVE-2021-41132

MEDIUM

CVSS:6.1(Medium)

OMERO.web provides a web based client and plugin infrastructure. In versions prior to 5.11.0, a variety of templates do not perform proper sanitization through HTML escaping. Due to the lack of saniti...

CWE-1162021

CVE-2022-0220

MEDIUM

CVSS:6.1(Medium)

The check_privacy_settings AJAX action of the WordPress GDPR WordPress plugin before 1.9.27, available to both unauthenticated and authenticated users, responds with JSON data without an "application/...

CWE-1162022

CVE-2022-0421

MEDIUM

CVSS:6.1(Medium)

The Five Star Restaurant Reservations WordPress plugin before 2.4.12 does not have authorisation when changing whether a payment was successful or failed, allowing unauthenticated users to change the ...

CWE-1162022

CVE-2021-43106

Vulnerability Description

Related Vulnerabilities

CVE-2017-18892

CVE-2021-21684

CVE-2021-34630

CVE-2021-41132

CVE-2022-0220

CVE-2022-0421