CVE-2020-24432

CVE-2020-24432 applies to Adobe Acrobat/Reader affected by an improper input validation vulnerability that could allow arbitrary JavaScript execution in the context of the current user. Affected products include Acrobat Reader DC 2020.012.20048 and earlier, 2020.001.30005 and earlier, 2017.011.30...

QNAP Systems TS-870 Cross-Site Scripting Vulnerability

QNAP Systems TS-870 is a NAS Network Attached Storage appliance from China Weilian QNAP Systems. A cross-site scripting vulnerability exists in the QNAP Systems TS-870 using firmware version 4.3.4.0486. An attacker could exploit the vulnerability to execute arbitrary JavaScript code...

Adobe Acrobat < 2017.011.30180 / 2020.001.30010 / 2020.013.20064 Multiple Vulnerabilities (APSB20-67) (macOS)

The version of Adobe Acrobat installed on the remote macOS host is a version prior to 2017.011.30180, 2020.001.30010, or 2020.013.20064. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 a...

Adobe Acrobat and Reader Input Validation Improperity Vulnerability

Adobe Acrobat is a PDF editing software developed by Adobe.Adobe Reader also known as Acrobat Reader is a PDF file reader developed by Adobe. Adobe Acrobat and Reader have an improper input validation vulnerability. An attacker can exploit this vulnerability to achieve arbitrary JavaScript...

Adobe Acrobat 2017 Security Update (APSB20-67) - Mac OS X

Adobe Acrobat 2017 is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

Adobe Acrobat 2017 Security Update (APSB20-67) - Windows

Adobe Acrobat 2017 is prone to multiple vulnerabilities. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you...

CVE-2020-24432

Acrobat Reader DC versions 2020.012.20048 and earlier, 2020.001.30005 and earlier and 2017.011.30175 and earlier and Adobe Acrobat Pro DC 2017.011.30175 and earlier are affected by an improper input validation vulnerability that could result in arbitrary JavaScript execution in the context of the...

CVE-2020-26211

In BookStack

CVE-2020-26210

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the...

Code injection

In BookStack before version 0.30.4, a user with permissions to edit a page could add an attached link which would execute untrusted JavaScript code when clicked by a viewer of the page. Dangerous content may remain in the database after this update. If you think this could have been exploited the...

PT-2020-5775 · Moinmoin +2 · Moinmoin +2

Name of the Vulnerable Software and Affected Versions: MoinMoin versions prior to 1.9.11 Description: The issue is related to the insufficient protection measures of web page structures in the MoinMoin wiki platform, specifically concerning the upload of SVG files. An attacker with write...

CVE-2020-5932

On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting XSS vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed wh...

CVE-2020-5932

On BIG-IP ASM 15.1.0-15.1.0.5, a cross-site scripting XSS vulnerability exists in the BIG-IP ASM Configuration utility response and blocking pages. An authenticated user with administrative privileges can specify a response page with any content, including JavaScript code that will be executed wh...

Apple Safari Arbitrary javascript Code Execution Vulnerability

Apple Safari is a web browser from Apple, Inc. and is the default browser that comes with the Mac OS X and iOS operating systems. An arbitrary javascript code execution vulnerability exists in Safari versions prior to 13.0.5. The vulnerability stems from a problem with custom URL scheme handling...

Microsoft Xamarin.Forms Spoofing Vulnerability

Microsoft Windows is a series of operating systems released by the American company Microsoft. A spoofing vulnerability exists in Microsoft Xamarin.Forms. The vulnerability stems from a default setting in Android WebView versions prior to 83.0.4103.106. An attacker can exploit the vulnerability t...

CVE-2020-9860

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 13.0.5. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

CVE-2020-9860

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 13.0.5. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

Input validation

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 13.0.5. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

CVE-2020-9860

A custom URL scheme handling issue was addressed with improved input validation. This issue is fixed in Safari 13.0.5. Processing a maliciously crafted URL may lead to arbitrary javascript code execution...

APSB20-60 Security updates available for Marketo

Marketo has released an update for the Marketo Sales Insight package for Salesforce. This update addresses an important vulnerability. Successful exploitation could lead to arbitrary JavaScript execution in the browser...