Lucene search

5782 matches found

CVE
added 2020/11/23 7:50 p.m. | 60 views

CVE-2020-15249

CVE-2020-15249 applies to October CMS: backend file upload allowed SVGs without sanitization in versions before 1.0.469 (and 1.0.x), enabling potential stored XSS via uploaded SVG content. The issue’s root cause is lack of SVG sanitization in the Media upload feature; the backend displays SVGs as...

CVSS 5.4 | AI score 4.5 | EPSS 0.00165
Exploits: 0 | References: 2 | Affected Software: 1
CNNVD
added 2020/11/18 12:0 a.m. | 1 view

Dell EMC RSA Archer Injection Vulnerability

Dell EMC RSA Archer is an enterprise IT governance and compliance governance product from Dell USA. The product enables the development of eGRC programs for managing enterprise risk, automating business processes, and more. An injection vulnerability exists in Dell EMC RSA Archer versions 6.8...

CVSS 6.1 | AI score 6.5 | EPSS 0.00469
Exploits: 0 | References: 2
NVD
added 2020/11/17 3:15 p.m. | 7 views

CVE-2020-25798

A stored cross-site scripting (XSS) vulnerability in LimeSurvey before and including 3.21.1 allows authenticated users with correct permissions to inject arbitrary web script or HTML via parameter ParticipantAttributeNamesDropdown of the Attributes on the central participant database page. When the...

CVSS 5.4 | AI score 5.2 | EPSS 0.00261
Exploits: 1 | References: 2
HackerOne
added 2020/11/12 10:41 p.m. | 11 views

U.S. Dept Of Defense: Reflected Xss in [██████]

Description: Reflected XSS in █████████ due to unsanitized single quote '. Impact An attacker could execute arbitrary javascript, and perform malicious actions ! Step-by-step Reproduction Instructions 1. Used payload: simo%27onfocus=%27confirmdocument.domain%27name=%27simo%27simo 2. Visit the url...

AI score 0.7
Exploits: 0
OSV
added 2020/11/11 4:15 p.m. | 20 views

PYSEC-2020-241

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...

CVSS 8.7 | AI score 3.8 | EPSS 0.00416
Exploits: 1 | References: 4
PyPA
added 2020/11/11 4:15 p.m. | 4 views

PYSEC-2020-241

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...

CVSS 8.7 | AI score 7 | EPSS 0.00416
Exploits: 1 | References: 4 | Affected Software: 1
Debian CVE
added 2020/11/11 3:45 p.m. | 29 views

CVE-2020-15275

Removed by vendor...

CVSS 8.7 | AI score 7 | EPSS 0.00416
Exploits: 1
NCSC
added 2020/11/11 12:0 a.m. | 4 views

Vulnerabilities fixed in Adobe Connect

Adobe has fixed two vulnerabilities in Adobe Connect. A malicious party can use these vulnerabilities to launch a cross-site scripting (XSS) attack, thus setting up arbitrary javascript code with the victim's privileges. Adobe has released updates to fix the vulnerabilities in Connect 11.0.5. For...

CVSS 6.1 | AI score 6.6 | EPSS 0.01469
Exploits: 0
CNVD
added 2020/11/11 12:0 a.m. | 3 views

Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2020-63000)

Adobe Connect is an online video conferencing software. A reflected cross-site scripting vulnerability exists in Adobe Connect 11.0 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary JavaScript in a browser...

CVSS 6.1 | AI score 6.4 | EPSS 0.01465
Exploits: 0 | References: 1
CNVD
added 2020/11/11 12:0 a.m. | 3 views

Adobe Connect Cross-Site Scripting Vulnerability (CNVD-2020-63001)

Adobe Connect is an online video conferencing software. A reflected cross-site scripting vulnerability exists in Adobe Connect 11.0 and earlier versions. An attacker can exploit this vulnerability to execute arbitrary JavaScript in a browser...

CVSS 6.1 | AI score 6.4 | EPSS 0.01469
Exploits: 0 | References: 1
OSV
added 2020/11/09 12:0 a.m. | 0 views

UBUNTU-CVE-2020-15275

MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrad...

CVSS 8.7 | AI score 6.8 | EPSS 0.00416
Exploits: 1 | References: 5
Prion
added 2020/11/05 8:15 p.m. | 22 views

Input validation

Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier and Adobe Acrobat Pro DC 2017.011.30175 and earlier are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the...

CVSS 6.8 | AI score 7.3 | EPSS 0.08873
Exploits: 0 | References: 1 | Affected Software: 4
CVE
added 2020/11/05 7:32 p.m. | 71 views

CVE-2020-24432

CVE-2020-24432 applies to Adobe Acrobat/Reader affected by an improper input validation vulnerability that could allow arbitrary JavaScript execution in the context of the current user. Affected products include Acrobat Reader DC 2020.012.20048 and earlier, 2020.001.30005 and earlier, 2017.011.30...

CVSS 7.8 | AI score 6.9 | EPSS 0.08873
Exploits: 0 | References: 1 | Affected Software: 4
CNVD
added 2020/11/05 12:0 a.m. | 3 views

QNAP Systems TS-870 Cross-Site Scripting Vulnerability

QNAP Systems TS-870 is a NAS (Network Attached Storage) appliance from China Weilian QNAP Systems. A cross-site scripting vulnerability exists in the QNAP Systems TS-870 using firmware version 4.3.4.0486. An attacker could exploit the vulnerability to execute arbitrary JavaScript code...

CVSS 6.1 | AI score 6.5 | EPSS 0.31524
Exploits: 0 | References: 1
Tenable Nessus
added 2020/11/05 12:0 a.m. | 74 views

Adobe Acrobat < 2017.011.30180 / 2020.001.30010 / 2020.013.20064 Multiple Vulnerabilities (APSB20-67) (macOS)

The version of Adobe Acrobat installed on the remote macOS host is a version prior to 2017.011.30180, 2020.001.30010, or 2020.013.20064. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 a...

CVSS 9.3 | AI score 7.8 | EPSS 0.21322
Exploits: 0 | References: 15
CNVD
added 2020/11/04 12:0 a.m. | 2 views

Adobe Acrobat and Reader Input Validation Improperity Vulnerability

Adobe Acrobat is a PDF editing software developed by Adobe. Adobe Reader (also known as Acrobat Reader) is a PDF file reader developed by Adobe. Adobe Acrobat and Reader have an improper input validation vulnerability. An attacker can exploit this vulnerability to achieve arbitrary JavaScript...

CVSS 7.8 | AI score 7 | EPSS 0.08873
Exploits: 0 | References: 1
OpenVAS
added 2020/11/04 12:0 a.m. | 25 views

Adobe Acrobat 2017 Security Update (APSB20-67) - Windows

Adobe Acrobat 2017 is prone to multiple vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you...

CVSS 9.3 | AI score 7.7 | EPSS 0.21322
Exploits: 0 | References: 1
OpenVAS
added 2020/11/04 12:0 a.m. | 21 views

Adobe Acrobat 2017 Security Update (APSB20-67) - Mac OS X

Adobe Acrobat 2017 is prone to multiple vulnerabilities. Copyright (C) 2020 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you...

CVSS 9.3 | AI score 7.7 | EPSS 0.21322
Exploits: 0 | References: 1
ATTACKERKB
added 2020/11/03 11:0 p.m. | 2 views

CVE-2020-24432

Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier and Adobe Acrobat Pro DC 2017.011.30175 and earlier are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the...

CVSS 7.8 | AI score 8 | EPSS 0.08873
Exploits: 0 | References: 2
CVE
added 2020/11/03 9:0 p.m. | 53 views

CVE-2020-26211

In BookStack

CVSS 8.7 | AI score 8 | EPSS 0.00432
Exploits: 0 | References: 4 | Affected Software: 1