CVE-2019-15959 Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit...

CVE-2019-15959 Cisco Small Business SPA500 Series IP Phones Local Script Execution Vulnerability

A vulnerability in Cisco Small Business SPA500 Series IP Phones could allow a physically proximate attacker to execute arbitrary commands on the device. The vulnerability is due to the presence of development testing and verification scripts that remained on the device. An attacker could exploit...

Design/Logic Flaw

The Spotfire client component of TIBCO Software Inc.'s TIBCO Spotfire Analyst, TIBCO Spotfire Analytics Platform for AWS Marketplace, TIBCO Spotfire Desktop, and TIBCO Spotfire Server contains a vulnerability that theoretically allows a legitimate user to inject scripts. If executed by a victim...

Microsoft Office SharePoint XSS Vulnerability

A cross-site-scripting XSS vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server. An authenticated attacker could exploit the vulnerability by sending a specially crafted request to an affected SharePoint...

PT-2020-4023 · Microsoft · Sharepoint Server

Name of the Vulnerable Software and Affected Versions: Microsoft SharePoint Server affected versions not specified Description: A cross-site-scripting XSS issue exists due to improper sanitization of specially crafted web requests. An attacker could exploit this by sending a crafted request,...

CVE-2020-24559

A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as roo...

Design/Logic Flaw

A vulnerability in Trend Micro Apex One, Worry-Free Business Security 10.0 SP1 and Worry-Free Business Security Services on macOS may allow an attacker to manipulate a certain binary to load and run a script from a user-writable folder, which then would allow them to execute arbitrary code as roo...

MGASA-2020-0356 Updated hylafax+ packages fix security vulnerabilities

In HylaFAX+ through 7.0.2, the faxsetup utility calls chown on files in user-owned directories. By winning a race, a local attacker could use this to escalate his privileges to root CVE-2020-15396. HylaFAX+ through 7.0.2 has scripts that execute binaries from directories writable by unprivileged...

BaserCMS Cross-Site Scripting Vulnerability (CNVD-2020-49572)

BaserCMS is an open source enterprise-level content management system cms. BaserCMS 4.3.6 and earlier versions of contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree. A cross-site scripting vulnerability exists in the js component. An...

GHSA-CPXC-67RC-C775 Cross Site Scripting in baserCMS

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree.js Tested...

Cross Site Scripting in baserCMS

baserCMS 4.3.6 and earlier is affected by Cross Site Scripting XSS. Impact: XSS via Arbitrary script execution. Attack vector is: Administrator must be logged in. Components are: contentfields.php, contentinfo.php, contentoptions.php, contentrelated.php, indexlisttree.php, jquery.bcTree.js Tested...

Mitel MiVoice Connect Client Remote Code Execution Vulnerability

Mitel MiVoice Connect is Mitel Networks Canada's software for centralized management of Mitel Networks' call handling and collaboration tools. A remote code execution vulnerability exists in Mitel MiVoice Connect client versions prior to 214.100.1223.0. The vulnerability is related to the affecte...

Microsoft SharePoint Spoofing Vulnerability (CNVD-2020-64002)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A security...

CVE-2020-12456

A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform...

CVE-2020-12456

A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform...

Multiple cross-site scripting vulnerabilities in Exment

Overview Exment provided by Kajitori Co.,Ltd contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in some input fields CWE-79 - CVE-2020-5619 Stored cross-site scripting vulnerability in upload files CWE-79 - CVE-2020-5620 Ryoya Koyama of...

JVN#88315581: Multiple cross-site scripting vulnerabilities in Exment

Exment provided by Kajitori Co.,Ltd contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in some input fields CWE-79 - CVE-2020-5619 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N| Base Score: 5.4...

Cisco Vision Dynamic Signage Director Web Management Interface Cross-Site Scripting Vulnerability

Cisco Vision Dynamic Signage Director is an end-to-end dynamic signage and IPTV solution from Cisco USA. A cross-site scripting vulnerability exists in the Web management interface in Cisco Vision Dynamic Signage Director versions prior to 6.2 SP5, which stems from the program failing to properly...

Cisco DNA Center Cross-Site Scripting Vulnerability

Cisco DNA Center is the network management and command center for Cisco DNA. A cross-site scripting vulnerability exists in the Web management interface of Cisco DNA Center. The vulnerability stems from the web management interface failing to properly validate user-supplied input. An attacker cou...

CVE-2020-1182

A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations on-premises version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server. An authenticated attacke...