1738 matches found
CVE-2020-8464
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access...
Design/Logic Flaw
A vulnerability in Trend Micro InterScan Web Security Virtual Appliance 6.5 SP2 could allow an attacker to send requests that appear to come from the localhost which could expose the product's admin interface to users who would not normally have access...
CVE-2020-8464
CVE-2020-8464 affects Trend Micro InterScan Web Security Virtual Appliance (IWSVA) 6.5 SP2. A vulnerability allows an attacker to craft requests that appear to originate from localhost, potentially exposing the product’s admin interface to users who would not normally have access. The available d...
CVE-2020-28931
Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 21.0.11 allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website...
PYSEC-2020-20
In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old Flask-admin based UI were vulnerable to SSRF attacks...
Tiki Wiki Cross-Site Request Forgery Vulnerability
Tiki Wiki is a PHP-based wiki system for the Tiki community. A security vulnerability exists in Tiki Wiki 21.2 that allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to exploit the vulnerability to perform a cross-site request forgery (CSRF)...
Cisco Firepower Management Center Software XSS (cisco-sa-fmc-xss-6VqH4rpZ)
According to its self-reported version, Cisco Firepower Management Center is affected by multiple cross-site scripting (XSS) vulnerabilities in its web-based admin interface due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can explo...
CVE-2020-8260
A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction...
CVE-2020-8255
A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages...
Code injection
A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction...
WSO2 API Manager Cross-Site Scripting Vulnerability
WSO2 API Manager is a suite of API lifecycle management solutions from WSO2, Inc. A cross-site scripting vulnerability exists in WSO2 API Manager version 3.1.0 and earlier versions, which originates from the failure to filter user input in the owner POST parameter of the administration interface ...
CVE-2020-17454
WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box...
Cross site request forgery (CSRF)
WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box...
CVE-2020-17454
CVE-2020-17454 affects WSO2 API Manager 3.1.0 and earlier. The vulnerability is a reflected XSS in the admin interface of the publisher component via the owner POST parameter, where input is not filtered and an injected payload can be rendered in a modal with an error message; it can also be expl...
CVE-2020-8243
A vulnerability in the Pulse Connect Secure 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution...
Code injection
A vulnerability in the Pulse Connect Secure 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution...
Cross site scripting
CMS Made Simple before 2.2.15 allows XSS via the m1mod parameter in a ModuleManager localuninstall action to admin/moduleinterface.php...