Microsoft SharePoint Cross-Site Scripting Vulnerability (NVD-C-2020-180981)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site scriptin...

Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2020-64005)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A security...

CVE-2020-6284

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content...

CVE-2020-6284

CVE-2020-6284 affects SAP NetWeaver Knowledge Management (versions 7.30, 7.31, 7.40, 7.50). The issue is a stored cross-site scripting (XSS) vulnerability caused by inadequate filtering when executing script content in a stored file. If an accessing user has administrative privileges, this could ...

DEBIAN-CVE-2020-11934

It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...

SilverStripe has an unspecified vulnerability (CNVD-2020-44911)

SilverStripe is New Zealand SilverStripe company's set of open source programming framework and content management system CMS. The system has support for multiple languages , cross-platform and other features . SilverStripe 4.5 and previous versions of a security vulnerability , attackers can use...

Remote Code Execution in scratch-vm

MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. The responsible code...

GHSA-VC9J-FHVV-8VRF Remote Code Execution in scratch-vm

MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. The responsible code...

RosarioSIS Cross-Site Scripting Vulnerability (CNVD-2020-42950)

RosarioSIS is a student information system for school management. A cross-site scripting vulnerability exists in RosarioSIS 6.7.2. The vulnerability stems from improper validation of user-supplied input in the Preferences.php script. A remote attacker can exploit the vulnerability by using the ta...

New Relic: One Click Remote Code Injection - *.blog.newrelic.com

With some social engineering, a WordPress admin could be convinced to click a malicious link to abuse a vulnerability in a WordPress plugin. This could lead to script execution or even code execution on the host. Vulnerability: A CSRF vulnerability has been found inside the Admin Panel leading to...

CVE-2020-9309

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

CVE-2020-9309

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

Design/Logic Flaw

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

CVE-2020-9309

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

CVE-2020-9309

SilverStripe CMS up to version 4.5 is vulnerable to script execution via malicious upload contents, when files with allowed extensions are stored as protected or draft and MIME detection causes browsers to run the file contents. Affected component/file: uploads handling (protected/draft state) an...

UBUNTU-CVE-2020-11934

It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...

Debian DLA-2269-1 : wordpress security update

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting XSS attacks, create open redirects, escalate privileges, and bypass authorization access. CVE-2020-4046 In affected versions of WordPress, users with lo...

PT-2020-3143 · Cisco · Cisco Unified Communications Manager Session Management Edition +1

Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME affected versions not specified Description: The issue is related to insufficient validation of user-supplied...

SecureAuth IdP Client Template Injection Vulnerability

SecureAuth IdP is a suite of identity management solutions from SecureAuth USA. The product supports features such as two-factor authentication and single sign-on. A security vulnerability exists in the SecureAuth.aspx file in SecureAuth IdP version 9.3.0. An attacker can exploit the vulnerabilit...

CVE-2020-9437

SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS...