MidnightBSD

Advisories for teamlead

CVE-2021-24684 HIGH

The WordPress PDF Light Viewer Plugin before 1.4.12 allows users with the Author role to execute arbitrary OS commands on the server via OS command injection when invoking Ghostscript.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.8 HIGH CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 2.8 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-78

Products Affected

Vendor Product Version
teamlead pdf-light-viewer *

CVE-2023-30453

The Teamlead Reminder plugin through 2.6.5 for Jira allows persistent XSS via the message parameter.

Products Affected

Vendor Product Version
teamlead reminder *