UBUNTU-CVE-2020-13271

A Stored Cross-Site Scripting vulnerability allowed the execution of arbitrary Javascript code in the blobs API in all previous GitLab CE/EE versions through 13.0.1...

Adobe Experience Manager Cross-Site Scripting Vulnerability (CNVD-2020-32611)

Adobe Experience Manager is an enterprise content management solution that helps you simplify the management and delivery of your content and assets. A cross-site scripting vulnerability exists in Adobe Experience Manager. An attacker can exploit this vulnerability to execute arbitrary JavaScript...

CVE-2020-9788

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript...

CVE-2020-9788

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript...

Input validation

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript...

CVE-2020-9788

A validation issue was addressed with improved input sanitization. This issue is fixed in macOS Catalina 10.15.5. A file may be incorrectly rendered to execute JavaScript...

CVE-2020-9788

The CVE-2020-9788 entry describes a validation/input sanitization issue in macOS where a file may be rendered in a way that could execute JavaScript. The vulnerability is addressed in macOS Catalina 10.15.5, with Apple noting improved input sanitization as the fix. Public references also align wi...

CVE-2020-13806

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation...

Design/Logic Flaw

An issue was discovered in Foxit Reader and PhantomPDF before 9.7.2. It has a use-after-free because of JavaScript execution after a deletion or close operation...

CVE-2020-13643

An issue was discovered in the SiteOrigin Page Builder plugin before 2.10.16 for WordPress. The live editor feature did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The liveeditorpanelsdata $POST variable allows for malicious JavaScript to be...

CVE-2020-13641

An issue was discovered in the Real-Time Find and Replace plugin before 4.0.2 for WordPress. The faroptionspage function did not do any nonce verification, allowing for requests to be forged on behalf of an administrator. The find and replace rules could be updated with malicious JavaScript,...

CVE-2020-13642

The CVE concerns the WordPress Plugin “Page Builder by SiteOrigin” (SiteOrigin Page Builder) prior to version 2.10.16. The root cause is missing nonce verification in action_builder_content, which enables forged admin-origin requests. The related panels_data ($_POST) handling can allow malicious ...

CVE-2020-13641

CVE-2020-13641 affects WordPress Real-Time Find and Replace plugin prior to 4.0.2. The root cause is missing nonce verification in far_options_page, enabling forged administrator requests. This CSRF can update find/replace rules to inject malicious JavaScript, which could be executed later in vic...

Apple macOS Catalina Security Component Input Validation Error Vulnerability

Apple macOS Catalina is a proprietary operating system developed by Apple Inc. for Mac computers.Security is one of the security components of the system. A security vulnerability exists in the Security component of Apple macOS Catalina versions prior to 10.15.5. An attacker can exploit the...

CVE-2020-13487

The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?posttype=forum aka the Forum listing page for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI...

Design/Logic Flaw

The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?posttype=forum aka the Forum listing page for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI...

CVE-2020-13487

The vulnerability is in the bbPress WordPress plugin up to version 2.6.4, where stored XSS exists in the Forum creation section. The issue allows JavaScript execution in the admin interface (wp-admin/edit.php?post_type=forum) and is exploitable by an administrator via the wp-admin/post.php?action...

CVE-2020-13487

The bbPress plugin through 2.6.4 for WordPress has stored XSS in the Forum creation section, resulting in JavaScript execution at wp-admin/edit.php?posttype=forum aka the Forum listing page for all users. An administrator can exploit this at the wp-admin/post.php?action=edit URI...

Nitro Pro PDF Javascript XML error handling Information Disclosure Vulnerability

Summary An exploitable information disclosure vulnerability exists in the way Nitro Pro 13.9.1.155 does XML error handling. A specially crafted PDF document can cause uninitialized memory access resulting in information disclosure. In order to trigger this vulnerability, victim must open a...

Cross site scripting

In BookStack greater than or equal to 0.18.0 and less than 0.29.2, there is an XSS vulnerability in comment creation. A user with permission to create comments could POST HTML directly to the system to be saved in a comment, which would then be executed/displayed to others users viewing the...