6 matches found
CVE-2020-28860
OpenAssetDigital Asset Management DAM through 12.0.19 does not correctly sanitize user supplied input, incorporating it into its SQL queries, allowing for authenticated blind SQL injection...
CVE-2020-28859
OpenAsset Digital Asset Management DAM through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks...
CVE-2020-28859
OpenAsset Digital Asset Management DAM through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks...
CVE-2020-28857
OpenAsset Digital Asset Management DAM through 12.0.19, does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for stored cross-site scripting attacks...
Cross site scripting
OpenAsset Digital Asset Management DAM through 12.0.19 does not correctly sanitize user supplied input in multiple parameters and endpoints, allowing for reflected cross-site scripting attacks...
CVE-2020-28856
OpenAsset Digital Asset Management DAM through 12.0.19 does not correctly determine the HTTP request's originating IP address, allowing attackers to spoof it using X-Forwarded-For in the header, by supplying localhost address such as 127.0.0.1, effectively bypassing all IP address based access...