1734 matches found

OSV
added 2020/12/16 9:15 p.m. · 2 views

CVE-2020-28931

Lack of an anti-CSRF token in the entire administrative interface in EPSON EPS TSE Server 8 21.0.11 allows an unauthenticated attacker to force an administrator to execute external POST requests by visiting a malicious website...

CVSS 8.8 · AI score 7.4
Exploits: 0 · References: 1

PyPA
added 2020/12/14 10:15 a.m. · 4 views

PYSEC-2020-20

In Apache Airflow versions prior to 1.10.13, the Charts and Query View of the old Flask-admin based UI were vulnerable to SSRF attack...

CVSS 5.3 · AI score 6.9 · EPSS 0.02135
Exploits: 0 · References: 2 · Affected Software: 1

CNNVD
added 2020/12/11 12:0 a.m. · 4 views

Tiki Wiki Cross-Site Request Forgery Vulnerability

Tiki Wiki is a PHP-based wiki system for the Tiki community. A security vulnerability exists in Tiki Wiki 21.2 that allows templates to be edited without CSRF protection. This could allow an unauthenticated, remote attacker to exploit the vulnerability to perform a cross-site request forgery (CSRF)...

CVSS 8.8 · AI score 7.4 · EPSS 0.03296
Exploits: 1 · References: 4

Tenable Nessus
added 2020/11/02 12:0 a.m. · 29 views

Cisco Firepower Management Center Software XSS (cisco-sa-fmc-xss-6VqH4rpZ)

According to its self-reported version, Cisco Firepower Management Center is affected by multiple cross-site scripting (XSS) vulnerabilities in its web-based admin interface due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can explo...

CVSS 6.1 · AI score 5.8 · EPSS 0.00159
Exploits: 0 · References: 5

OSV
added 2020/10/28 1:15 p.m. · 2 views

CVE-2020-8260

A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction...

CVSS 7.2 · AI score 7.5 · EPSS 0.73032
Exploits: 4 · References: 3

OSV
added 2020/10/28 1:15 p.m. · 1 view

CVE-2020-8255

A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary file reading vulnerability is fixed using encrypted URL blacklisting that prevents these messages...

CVSS 4.9 · AI score 6.3
Exploits: 0 · References: 1

Prion
added 2020/10/28 1:15 p.m. · 23 views

Code injection

A vulnerability in the Pulse Connect Secure 9.1R9 admin web interface could allow an authenticated attacker to perform an arbitrary code execution using uncontrolled gzip extraction...

CVSS 6.5 · AI score 7.2 · EPSS 0.73032
Exploits: 4 · References: 2 · Affected Software: 1

CNVD
added 2020/10/23 12:0 a.m. · 1 view

WSO2 API Manager Cross-Site Scripting Vulnerability

WSO2 API Manager is a suite of API lifecycle management solutions from WSO2, Inc. A cross-site scripting vulnerability exists in WSO2 API Manager version 3.1.0 and earlier versions, which originates from the failure to filter user input in the owner POST parameter of the administration interface ...

CVSS 6.1 · AI score 6.3 · EPSS 0.0042
Exploits: 0 · References: 1

OSV
added 2020/10/21 10:15 p.m. · 15 views

CVE-2020-17454

WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box...

CVSS 6.1 · AI score 5.9
Exploits: 0 · References: 1

NVD
added 2020/10/21 10:15 p.m. · 8 views

CVE-2020-17454

WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box...

CVSS 6.1 · EPSS 0.0042
Exploits: 0 · References: 1

Prion
added 2020/10/21 10:15 p.m. · 17 views

Cross site request forgery (csrf)

WSO2 API Manager 3.1.0 and earlier has reflected XSS on the "publisher" component's admin interface. More precisely, it is possible to inject an XSS payload into the owner POST parameter, which does not filter user inputs. By putting an XSS payload in place of a valid Owner Name, a modal box...

CVSS 4.3 · AI score 5.9 · EPSS 0.0042
Exploits: 0 · References: 1 · Affected Software: 1

CVE
added 2020/10/21 9:40 p.m. · 54 views

CVE-2020-17454

CVE-2020-17454 affects WSO2 API Manager 3.1.0 and earlier. The vulnerability is a reflected XSS in the admin interface of the publisher component via the owner POST parameter, where input is not filtered and an injected payload can be rendered in a modal with an error message; it can also be expl...

CVSS 6.1 · AI score 5.9 · EPSS 0.0042
Exploits: 0 · References: 1 · Affected Software: 1

OSV
added 2020/09/30 6:15 p.m. · 1 view

CVE-2020-8243

A vulnerability in the Pulse Connect Secure 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution...

CVSS 7.2 · AI score 7.6 · EPSS 0.20545
Exploits: 0 · References: 2

Prion
added 2020/09/30 6:15 p.m. · 15 views

Cross site scripting

CMS Made Simple before 2.2.15 allows XSS via the m1mod parameter in a ModuleManager localuninstall action to admin/moduleinterface.php...

CVSS 3.5 · AI score 5.1 · EPSS 0.00374
Exploits: 1 · References: 1 · Affected Software: 1

Prion
added 2020/09/30 6:15 p.m. · 29 views

Code injection

A vulnerability in the Pulse Connect Secure 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution...

CVSS 6.5 · AI score 7.1 · EPSS 0.20545
Exploits: 0 · References: 1 · Affected Software: 4

Cvelist
added 2020/09/29 1:44 p.m. · 23 views

CVE-2020-8243

A vulnerability in the Pulse Connect Secure 9.1R8.2 admin web interface could allow an authenticated attacker to upload custom template to perform an arbitrary code execution...

AI score 7.8 · EPSS 0.20545
Exploits: 0 · References: 1

Vulnrichment
added 2020/09/29 1:41 p.m. · 14 views

CVE-2020-8256

A vulnerability in the Pulse Connect Secure 9.1R8.2 admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML External Entity (XXE) vulnerability...

AI score 6.9 · EPSS 0.03911
Exploits: 1 · References: 2

Positive Technologies
added 2020/09/29 12:0 a.m. · 3 views

PT-2020-6456 · Pulse · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R8.2
Description: The issue is related to the Pulse Connect Secure admin web interface, where an authenticated attacker could potentially upload a custom template to execute arbitrary code. This is du...

CVSS 7.2 · AI score 8.3 · EPSS 0.20545
Exploits: 0 · References: 7

Positive Technologies
added 2020/09/29 12:0 a.m. · 4 views

PT-2020-20064 · Pulse · Pulse Connect Secure

Name of the Vulnerable Software and Affected Versions: Pulse Connect Secure versions prior to 9.1R8.2
Description: A vulnerability in the Pulse Connect Secure admin web interface could allow an authenticated attacker to gain arbitrary file reading access through Pulse Collaboration via XML Extern...

CVSS 4.9 · AI score 5.2 · EPSS 0.03911
Exploits: 1 · References: 5

CNVD
added 2020/09/28 12:0 a.m. · 2 views

Pexip Infinity Cross-Site Scripting Vulnerability

Pexip Infinity is video communications software that organizations can deploy in their IT infrastructure, public or private cloud, or any hybrid combination to enable everyone to have their own personal, high-quality video, audio, and mobile conferencing experience. A stored cross-site scripting...

CVSS 6.1 · AI score 6.1 · EPSS 0.00409
Exploits: 0 · References: 1