8 matches found
CVE-2020-15700
An issue was discovered in Joomla! through 3.9.19. A missing token check in the ajax_install endpoint of com_installer causes a CSRF vulnerability...
CVE-2020-15700
CVE-2020-15700 affects Joomla! up to 3.9.19: the ajax_install endpoint in com_installer lacks a token check, causing a CSRF vulnerability. Affected: Joomla! through 3.9.19. Impact: CSRF (network vector; user interaction required; confidentiality/integrity/availability LOW). Mitigation: upgrade to...
CVE-2019-15700
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text...
CVE-2019-15700
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text...
CVE-2019-15700
The CVE-2019-15700 issue affects public/js/frappe/form/footer/timeline.js in Frappe Framework 12 up to 12.0.8, where HTML is not escaped in the timeline, enabling crafted text such as “changed value of.” Root cause is lack of HTML escaping in that JavaScript file. Public details in connected docu...
CVE-2019-15700
public/js/frappe/form/footer/timeline.js in Frappe Framework 12 through 12.0.8 does not escape HTML in the timeline and thus is affected by crafted "changed value of" text...
CVE-2018-15700
The CVE-2018-15700 issue affects TP-Link TL-WRN841N running 0.9.1 4.16 v0348.0 where an unauthenticated LAN user can trigger a denial of service by sending a crafted HTTP header with an unexpected Referer field. Public documentation/connected sources describe the vulnerability in the device web i...
CVE-2017-15700
The provided connected documents identify CVE-2017-15700 as a flaw in Apache Sling Authentication Service (version 1.4.0) related to the AuthUtil#isRedirectValid method. The root cause is flawed redirect validation, which can be exploited via the Sling login form to trick a victim into sending cr...