
3946 matches found

CVE
added 2020/12/17 10:38 p.m. | 73 views

CVE-2020-20142

The provided connected sources confirm CVE-2020-20142 affects Flexmonster Pivot Table & Charts 2.7.17, specifically the "+To Remote CSV" component under the Open menu. The root cause is a reflected XSS due to insufficient input sanitization of the 'path' parameter when fetching file specification...

CVSS 6.1 | AI score 6 | EPSS 0.01583
Exploits 3 | References 1 | Affected Software 1

Cvelist
added 2020/12/17 10:38 p.m. | 21 views

CVE-2020-20142

Cross Site Scripting (XSS) vulnerability in the "To Remote CSV" component under "Open" Menu in Flexmonster Pivot Table & Charts 2.7.17...

AI score 6.1 | EPSS 0.01583
Exploits 3 | References 1

CNNVD
added 2020/12/17 12:0 a.m. | 3 views

Flexmonster Pivot Table & Charts Cross-Site Scripting Vulnerability

Flexmonster Pivot Table & Charts is a Javascript-based codebase for viewing, analyzing, and managing multidimensional data online from Flexmonster. A cross-site scripting vulnerability exists in Flexmonster Pivot Table & Charts 2.7.17, which originates in the "To Remote CSV" component under the...

CVSS 6.1 | AI score 6.2 | EPSS 0.01583
Exploits 3 | References 4

CNNVD
added 2020/12/17 12:0 a.m. | 3 views

Flexmonster Pivot Table & Charts Cross-Site Scripting Vulnerability

Flexmonster Pivot Table & Charts is a Javascript-based codebase for viewing, analyzing, and managing multidimensional data online from Flexmonster. A cross-site scripting vulnerability exists in Flexmonster Pivot Table & Charts 2.7.17, which originates in the Remote Report component under the Ope...

CVSS 6.1 | AI score 6.2 | EPSS 0.01616
Exploits 3 | References 4

CNNVD
added 2020/12/17 12:0 a.m. | 3 views

Flexmonster Pivot Table & Charts Cross-Site Scripting Vulnerability

Flexmonster Pivot Table & Charts is a Javascript-based codebase for viewing, analyzing, and managing multidimensional data online from Flexmonster. A cross-site scripting vulnerability exists in the Connect menu in Flexmonster Pivot Table & Charts 2.7.17, which originates in the OLAP XMLA compone...

CVSS 6.1 | AI score 6.2 | EPSS 0.01616
Exploits 3 | References 4

CNNVD
added 2020/12/17 12:0 a.m. | 4 views

Flexmonster Pivot Table & Charts Cross-Site Scripting Vulnerability

Flexmonster Pivot Table & Charts is a Javascript-based codebase for viewing, analyzing, and managing multidimensional data online from Flexmonster. A cross-site scripting vulnerability exists in Flexmonster Pivot Table & Charts 2.7.17, which originates in the Remote JSON component Under the Conne...

CVSS 6.1 | AI score 6.2 | EPSS 0.01616
Exploits 3 | References 4

OSV
added 2020/12/02 5:15 p.m. | 3 views

CVE-2020-29240

Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered...

CVSS 4.8 | AI score 5.7
Exploits 0 | References 2

Cvelist
added 2020/12/02 4:45 p.m. | 19 views

CVE-2020-29240

Lepton-CMS 4.7.0 is affected by cross-site scripting (XSS). An attacker can inject the XSS payload in the URL field of the admin page and each time an admin visits the Menu-Pages-Pages Overview section, the XSS will be triggered...

AI score 4.8 | EPSS 0.01673
Exploits 2 | References 2

OSV
added 2020/11/08 2:14 p.m. | 9 views

MGASA-2020-0400 Updated webmin package fixes security vulnerabilities

An XSS Vulnerability exists in Webmin 1.941 and earlier affecting the Cluster Shell Commands Endpoint. A user may enter any XSS Payload into the Command field and execute it. Then, after revisiting the Cluster Shell Commands Menu, the XSS Payload will be rendered and executed. CVE-2020-8820 An...

CVSS 6.1 | AI score 5.5 | EPSS 0.81493
Exploits 0 | References 4

Tenable Nessus
added 2020/10/26 12:0 a.m. | 39 views

openSUSE Security Update : opera (openSUSE-2020-1713)

This update for opera fixes the following issues : opera was updated to version 71.0.3770.228 - DNA-87466 Hide extensions icon is black in dark theme - DNA-88580 Implement searchintabs telemetry benchmark - DNA-88591 Allow to scroll down the Keyboards Shortcuts section with URL - DNA-88693 Random...

CVSS 9.6 | AI score 6.8 | EPSS 0.03416
Exploits 6 | References 14

Cvelist
added 2020/10/12 3:54 p.m. | 17 views

CVE-2020-8821

An Improper Data Validation Vulnerability exists in Webmin 1.941 and earlier affecting the Command Shell Endpoint. A user may enter HTML code into the Command field and submit it. Then, after visiting the Action Logs Menu and displaying logs, the HTML code will be rendered however, JavaScript is...

AI score 5.9 | EPSS 0.81493
Exploits 0 | References 1

Citrix
added 2020/09/17 12:0 a.m. | 4 views

Application shortcuts still remain on the Start Menu when the application is already unassigned for the user

Workspace App has been configured with the option "Show Applications in Start Menu" and published apps appear on the start menu. When an application is removed from being assigned to a user, its shortcut still shows up on the users start menu...

AI score 7
Exploits 0

Patchstack
added 2020/09/16 12:0 a.m. | 9 views

WordPress Menu Swapper plugin <= 1.1.0.2 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability found by Jerome Bruandet NinTechNet in WordPress Menu Swapper plugin versions <= 1.1.0.2. Solution: Update the WordPress Menu Swapper plugin to the latest available version at least 1.1.1...

AI score 3.5
Exploits 0 | References 2 | Affected Software 1

OSV
added 2020/09/14 4:15 p.m. | 4 views

CVE-2020-25378

Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter...

CVSS 6.1 | AI score 6.4 | EPSS 0.00934
Exploits 2 | References 1

NVD
added 2020/09/14 4:15 p.m. | 13 views

CVE-2020-25378

Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter...

CVSS 6.1 | EPSS 0.00934
Exploits 2 | References 1

Cvelist
added 2020/09/14 3:25 p.m. | 17 views

CVE-2020-25378

Wordpress Plugin Store / AccessPress Themes WP Floating Menu V1.3.0 is affected by: Cross Site Scripting (XSS) via the id GET parameter...

AI score 6.1 | EPSS 0.00934
Exploits 2 | References 1

CVE
added 2020/09/14 3:25 p.m. | 49 views

CVE-2020-25378

Summary (grounded): CVE-2020-25378 affects WordPress plugins from AccessPress Themes: WP Floating Menu, version 1.3.0. The vulnerability is a Cross Site Scripting (XSS) weakness triggered by the id parameter in the GET request (reflected XSS). Some sources describe the issue as authenticated and ...

CVSS 6.1 | AI score 6 | EPSS 0.00934
Exploits 2 | References 1 | Affected Software 1

Patchstack
added 2020/09/09 12:0 a.m. | 11 views

WordPress Sticky Menu, Sticky Header (or anything!) on Scroll plugin <= 2.2 - Reflected Cross-Site Scripting (XSS) vulnerability

Reflected Cross-Site Scripting (XSS) vulnerability found by Antony Garand Sucuri in WordPress Sticky Menu, Sticky Header (or anything!) on Scroll plugin versions <= 2.2. Solution: Update the WordPress Sticky Menu, Sticky Header (or anything!) on Scroll plugin to the latest available version at least 2.21...

AI score 1.2
Exploits 0 | References 2 | Affected Software 1

OSV
added 2020/09/03 7:14 p.m. | 11 views

GHSA-XWG3-GJXH-C8PM Malicious Package in ngx-context-menu

Version 0.0.26 of ngx-context-menu contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...

AI score 7.2
Exploits 0 | References 1

Github Security Blog
added 2020/09/03 7:14 p.m. | 25 views

Malicious Package in ngx-context-menu

Version 0.0.26 of ngx-context-menu contained malicious code. The code when executed in the browser would enumerate password, cvc, cardnumber fields from forms and send the extracted values to https://js-metrics.com/minjs.php?pl= Recommendation Remove the package from your environment. It's also...

AI score 7
Exploits 0 | References 2 | Affected Software 1