EUVD-2020-30433

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting dom-based vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser...

CVE-2020-9644

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting stored vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser...

EUVD-2020-30434

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser...

CVE-2020-9648

Adobe Experience Manager versions 6.5 and earlier have a cross-site scripting vulnerability. Successful exploitation could lead to arbitrary javascript execution in the browser...

Adobe Experience Manager 6.0 < 6.5 Multiple Vulnerabilities (APSB20-31)

The version of Adobe Experience Manager installed on the remote host is prior to 6.5. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB20-31 advisory. - Adobe Experience Manager versions 6.5 and earlier have a blind server-side request forgery ssrf vulnerability...

Multiple vulnerabilities in Zenphoto

Overview Zenphoto is a content management system CMS. Zenphoto contains multiple vulnerabilities listed below. Cross-site Scripting CWE-79 - CVE-2020-5592 Code Injection CWE-94 - CVE-2020-5593 Tomohisa Maeda of Panasonic Corporation, Product Security Center reported this vulnerability to IPA...

UBUNTU-CVE-2020-13271

A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1...

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2020-32611)

Adobe Experience Manager is an enterprise content management solution that helps you simplify the management and delivery of your content and assets. A cross-site scripting vulnerability exists in Adobe Experience Manager. An attacker can exploit this vulnerability to execute arbitrary JavaScript...

CVE-2020-9788

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript...

CVE-2020-9788

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript...

Input validation

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript...

CVE-2020-9788

The CVE-2020-9788 entry describes a validation/input sanitization issue in macOS where a file may be rendered in a way that could execute JavaScript. The vulnerability is addressed in macOS Catalina 10.15.5, with Apple noting improved input sanitization as the fix. Public references also align wi...

CVE-2020-9788

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript...

CVE-2020-13806

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation...

Design/Logic Flaw

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation...

CVE-2020-13643

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The liveeditorpanelsdata $POST variable allows for malicious JavaScript to be...

CVE-2020-13641

An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The faroptionspage function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...

CVE-2020-13642

The CVE concerns the WordPress Plugin “Page Builder by SiteOrigin” (SiteOrigin Page Builder) prior to version 2.10.16. The root cause is missing nonce verification in action_builder_content, which enables forged admin-origin requests. The related panels_data ($_POST) handling can allow malicious ...

CVE-2020-13641

CVE-2020-13641 affects WordPress Real-Time Find and Replace plugin prior to 4.0.2. The root cause is missing nonce verification in far_options_page, enabling forged administrator requests. This CSRF can update find/replace rules to inject malicious JavaScript, which could be executed later in vic...

Apple macOS Catalina Security Component Input Validation Error Vulnerability

Apple macOS Catalina is a proprietary operating system developed by Apple Inc. for Mac computers.Security is one of the security components of the system. A security vulnerability exists in the Security component of Apple macOS Catalina versions prior to 10.15.5. An attacker can exploit the...