7 matches found
Security Bulletin: Vulnerabilities in Apache and Node.js affect IBM Spectrum Protect Plus
Summary Vulnerabilities in Apache and Node.js such as execution of arbitrary code on the system, cross -site scripting, and bypassing security restrictions, may affect IBM Spectrum Protect Plus. Vulnerability Details CVEID: CVE-2020-28458 DESCRIPTION: Node.js datatables.net module could allow a...
OESA-2021-1122 velocity-tools security update
The VelocityTools project is a collection of useful Java classes aka tools, as well as infrastructure to easily, automatically and transparently make these tools available to Velocity templates. Project include easy integration of Velocity into the view-layer of web applications via the...
DEBIAN-CVE-2020-13959
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...
CVE-2020-13959
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...
CVE-2020-13959
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...
CVE-2020-13959
CVE-2020-13959 affects Apache Velocity Tools before 3.1. The vulnerability lies in the default VelocityView error page which reflects back the vm file entered in the URL, enabling an attacker to supply an XSS payload via the vm parameter. When a user clicks a crafted URL, the payload can execute ...
CVE-2020-13959 Velocity Tools XSS Vulnerability
The default error page for VelocityView in Apache Velocity Tools prior to 3.1 reflects back the vm file that was entered as part of the URL. An attacker can set an XSS payload file as this vm file in the URL which results in this payload being executed. XSS vulnerabilities allow attackers to...