Lucene search
K

7 matches found

IBM Security Bulletins
IBM Security Bulletins
added 2021/04/24 6:55 a.m.77 views

Security Bulletin: Vulnerabilities in Apache and Node.js affect IBM Spectrum Protect Plus

Summary Vulnerabilities in Apache and Node.js such as execution of arbitrary code on the system, cross -site scripting, and bypassing security restrictions, may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-28458 DESCRIPTION: Node.js datatables.net module could allow a...

9CVSS1.5AI score0.9024EPSS
Exploits7Affected Software1
OSV
OSV
added 2021/04/07 11:2 a.m.3 views

OESA-2021-1122 velocity-tools security update

The VelocityTools project is a collection of useful Java classes aka tools, as well as infrastructure to easily, automatically and transparently make these tools available to Velocity templates. Project include easy integration of Velocity into the view-layer of web applications via the...

6.1CVSS6.9AI score0.06357EPSS
Exploits0References2
OSV
OSV
added 2021/03/10 8:15 a.m.2 views

DEBIAN-CVE-2020-13959

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

6.1CVSS7.1AI score0.06357EPSS
Exploits0References1
OSV
OSV
added 2021/03/10 8:15 a.m.10 views

CVE-2020-13959

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

6.1CVSS6.4AI score
Exploits0References7
UbuntuCve
UbuntuCve
added 2021/03/10 8:15 a.m.30 views

CVE-2020-13959

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

6.1CVSS6.9AI score0.06357EPSS
Exploits0References8
CVE
CVE
added 2021/03/10 8:0 a.m.174 views

CVE-2020-13959

CVE-2020-13959 affects Apache Velocity Tools before 3.1. The vulnerability lies in the default VelocityView error page which reflects back the vm file entered in the URL, enabling an attacker to supply an XSS payload via the vm parameter. When a user clicks a crafted URL, the payload can execute ...

6.1CVSS6.7AI score0.06357EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2021/03/10 8:0 a.m.39 views

CVE-2020-13959 Velocity Tools XSS Vulnerability

The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...

6.7AI score0.06357EPSS
Exploits0References7
Rows per page
Query Builder