Foxit Studio Photo Information Disclosure Vulnerability (CNVD-2020-59768)
Foxit Studio Photo is a set of image editing software from the Chinese company Foxit. An information disclosure vulnerability exists in the handling of SR2 files in Foxit Studio Photo 3.6.6.930 and earlier versions. The vulnerability stems from a lack of proper validation of user-supplied...
CVE-2020-6876
A ZTE product is impacted by an XSS vulnerability. The vulnerability is caused by the lack of correct verification of client data in the WEB module. By inserting malicious scripts into the web module, a remote attacker could trigger an XSS attack when the user browses the web page. Then the...
CVE-2020-8821
Affected software: Webmin 1.941 and earlier. Root cause: Improper data validation in the Command Shell Endpoint allows HTML to be submitted in the Command field; HTML is rendered in Action Logs and across users, with no JavaScript execution. Impact: HTML rendering in logs and cross-user persisten...
The vulnerability of Intel Software Guard Extensions SDK, related to improper data initialization, allows attackers to escalate their privileges.
The vulnerability of Intel Software Guard Extensions SDK relates to incorrect data initialization. Exploiting this vulnerability can allow attackers to escalate their privileges...
Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2020-63725)
Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site scriptin...
CVE-2020-24074
The decode program in silk-v3-decoder Version:20160922 Build By kn007 does not strictly check data, resulting in a buffer overflow...
CVE-2020-3674
Information can leak into userspace due to improper transfer of data from kernel to userspace in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in Nicobar, QCS405, Saipan, SC8180X, SDX55,...
MantisBT Cross-Site Scripting Vulnerability (CNVD-2020-46791)
MantisBT is a Web-based open source defect tracking system from the MantisBT team. The system provides project management and defect tracking services in the form of Web operations. A cross-site scripting vulnerability exists in MantisBT versions prior to 2.24.2. The vulnerability stems from the...
SilverStripe Cross-Site Scripting Vulnerability (CNVD-2020-42956)
SilverStripe is an open source programming framework and content management system (CMS) from the New Zealand company SilverStripe. The system supports multiple languages, cross-platform use and other features. A cross-site scripting vulnerability exists in Silverstripe 4.5 and previous versions. The...
PHP 7.4.x < 7.4.5 Multiple Vulnerabilities
According to its banner, the version of PHP running on the remote web server is prior to 7.2.30, 7.3.x prior to 7.3.17, or 7.4.x prior to 7.4.5. It is, therefore, affected by multiple vulnerabilities: - An out-of-bounds read error exists in urldecode due to improper data validation checks. An...
CMS Made Simple Cross-Site Scripting Vulnerability (CNVD-2020-60831)
CMS Made Simple (CMSMS) is an open source content management system (CMS) from the CMSMS team. The system supports a role-based rights management system, a wizard-based installation and update mechanism, an intelligent caching mechanism and so on. A cross-site scripting vulnerability exists in CMS Made...
Mattermost Server Cross-Site Scripting Vulnerability (CNVD-2020-35340)
Mattermost Server is an open source messaging platform from the United States company Mattermost. A cross-site scripting vulnerability exists in Mattermost Server versions prior to 3.8.2, prior to 3.7.5, and prior to 3.6.7. The vulnerability stems from a lack of proper validation of client-side...
Neon theme cross-site scripting vulnerability
Bootstrap is an open source web front-end framework developed using HTML, CSS and JavaScript. Neon theme is one of its theme plugins. A cross-site scripting vulnerability exists in Neon theme 2.0 and later versions prior to 2020-06-03 Bootstrap, which stems from a lack of proper...
Django Cross-Site Scripting Vulnerability (CNVD-2020-53544)
Django is an open source Web application framework from the Django Foundation, based on the Python language. The framework includes an object-oriented mapper, view system, template system and so on. A cross-site scripting vulnerability exists in Django version 2.2 before 2.2.13 and version 3.0...
TYPO3 Link Handling Component Cross-Site Scripting Vulnerability
TYPO3 is a free and open source content management system framework CMS/CMF of the Swiss TYPO3 Association. A cross-site scripting vulnerability exists in the Link Handling component of TYPO3 versions 9.5.12 through 9.5.16 and 10.2.0 through 10.4.1. The vulnerability stems from a lack of proper...
Katyshop2 Cross-Site Scripting Vulnerability
Katyshop2 is a suite of e-commerce applications based on PHP and MySQL. A cross-site scripting vulnerability exists in Katyshop2 versions prior to 2.12. The vulnerability stems from the WEB application's lack of proper validation of client-side data. An attacker can exploit this vulnerability to...
BookStack Cross-Site Scripting Vulnerability (CNVD-2020-35507)
BookStack is an open source wiki documentation platform built with PHP and Laravel. A cross-site scripting vulnerability exists in BookStack versions 0.18.0 and later, fixed in version 0.29.2. The vulnerability stems from a lack of proper validation of client-side data by the WEB...
Buffer overflow vulnerability in multiple NETGEAR products (CNVD-2021-46568)
NETGEAR D3600 and others are products of NETGEAR, Inc. NETGEAR D3600 is a wireless modem. NETGEAR D6100 is a wireless modem. NETGEAR R6100 is a wireless router...
Buffer Overflow Vulnerability in Multiple NETGEAR Products (CNVD-2020-28111)
The NETGEAR R9000, among others, is a wireless router from NETGEAR. A buffer overflow vulnerability exists in multiple NETGEAR products. The vulnerability stems from a networked system or product performing operations in memory without properly validating data boundaries, resulting in incorrect...
The vulnerability of Firefox browser, related to improper data initialization, allows attackers to compromise data integrity.
The vulnerability of the Firefox browser is related to improper data initialization. Exploiting this vulnerability can allow a remote attacker to compromise the integrity of data...