
6714 matches found

OSV
added 2020/08/26 7:15 p.m. | 1 view

CVE-2020-12456

A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform...

CVSS 8.8 | AI score 8 | EPSS 0.03061
Exploits: 0 | References: 2

NVD
added 2020/08/26 7:15 p.m. | 14 views

CVE-2020-12456

A remote code execution vulnerability in Mitel MiVoice Connect Client before 214.100.1223.0 could allow an attacker to execute arbitrary code in the chat notification window, due to improper rendering of chat messages. A successful exploit could allow an attacker to steal session cookies, perform...

CVSS 8.8 | AI score 9 | EPSS 0.03061
Exploits: 0 | References: 2

Japan Vulnerability Notes
added 2020/08/21 5:34 a.m. | 1 view

Multiple cross-site scripting vulnerabilities in Exment

Overview Exment provided by Kajitori Co.,Ltd contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in some input fields CWE-79 - CVE-2020-5619 Stored cross-site scripting vulnerability in upload files CWE-79 - CVE-2020-5620 Ryoya Koyama of...

CVSS 5.4 | AI score 6.1 | EPSS 0.00664
Exploits: 0 | References: 7

Japan Vulnerability Notes
added 2020/08/21 12:0 a.m. | 50 views

JVN#88315581: Multiple cross-site scripting vulnerabilities in Exment

Exment provided by Kajitori Co.,Ltd contains multiple cross-site scripting vulnerabilities listed below. Stored cross-site scripting vulnerability in some input fields CWE-79 - CVE-2020-5619

Version | Vector | Score
---|---|---
CVSS v3 | CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N | Base Score: 5.4...

CVSS 5.4 | AI score 5.8 | EPSS 0.00664
Exploits: 0

CNVD
added 2020/08/20 12:0 a.m. | 3 views

Cisco Vision Dynamic Signage Director Web Management Interface Cross-Site Scripting Vulnerability

Cisco Vision Dynamic Signage Director is an end-to-end dynamic signage and IPTV solution from Cisco USA. A cross-site scripting vulnerability exists in the Web management interface in Cisco Vision Dynamic Signage Director versions prior to 6.2 SP5, which stems from the program failing to properly...

CVSS 5.5 | AI score 6.8 | EPSS 0.00617
Exploits: 0 | References: 1

CNVD
added 2020/08/20 12:0 a.m. | 2 views

Cisco DNA Center Cross-Site Scripting Vulnerability

Cisco DNA Center is the network management and command center for Cisco DNA. A cross-site scripting vulnerability exists in the Web management interface of Cisco DNA Center. The vulnerability stems from the web management interface failing to properly validate user-supplied input. An attacker cou...

CVSS 6.1 | AI score 6.7 | EPSS 0.00921
Exploits: 0 | References: 1

NVD
added 2020/08/17 7:15 p.m. | 23 views

CVE-2020-1182

A remote code execution vulnerability exists in Microsoft Dynamics 365 for Finance and Operations on-premises version 10.0.11. An attacker who successfully exploited this vulnerability could gain remote code execution via server-side script execution on the victim server. An authenticated attacke...

CVSS 8 | AI score 7.3 | EPSS 0.02765
Exploits: 0 | References: 1

CNVD
added 2020/08/13 12:0 a.m. | 2 views

Microsoft SharePoint Cross-Site Scripting Vulnerability (CNVD-2020-64005)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A security...

CVSS 5.5 | AI score 6.5 | EPSS 0.01841
Exploits: 0 | References: 1

CNVD
added 2020/08/13 12:0 a.m. | 2 views

Microsoft SharePoint Cross-Site Scripting Vulnerability (NVD-C-2020-180981)

Microsoft SharePoint is an enterprise business collaboration platform from Microsoft. The platform is used to consolidate business information and enable sharing of work, collaborating with others, organizing projects and workgroups, and searching for people and information. A cross-site scriptin...

CVSS 5.5 | AI score 5.9 | EPSS 0.01882
Exploits: 0 | References: 1

NVD
added 2020/08/12 2:15 p.m. | 17 views

CVE-2020-6284

SAP NetWeaver Knowledge Management, versions - 7.30, 7.31, 7.40, 7.50, allows the automatic execution of script content in a stored file due to inadequate filtering with the accessing user's privileges. If the accessing user has administrative privileges, then the execution of the script content...

CVSS 9 | AI score 9 | EPSS 0.018
Exploits: 0 | References: 2

CVE
added 2020/08/12 1:21 p.m. | 49 views

CVE-2020-6284

CVE-2020-6284 affects SAP NetWeaver Knowledge Management (versions 7.30, 7.31, 7.40, 7.50). The issue is a stored cross-site scripting (XSS) vulnerability caused by inadequate filtering when executing script content in a stored file. If an accessing user has administrative privileges, this could ...

CVSS 9 | AI score 8.9 | EPSS 0.018
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2020/07/29 5:15 p.m. | 4 views

DEBIAN-CVE-2020-11934

It was discovered that snapctl user-open allowed altering the $XDG_DATA_DIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDG_DATA_DIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...

CVSS 5.9 | AI score 6.3 | EPSS 0.00365
Exploits: 0 | References: 1

CNVD
added 2020/07/28 12:0 a.m. | 2 views

SilverStripe has an unspecified vulnerability (CNVD-2020-44911)

SilverStripe is an open source programming framework and content management system (CMS) from the New Zealand company SilverStripe. The system supports multiple languages, cross-platform use and other features. SilverStripe 4.5 and previous versions have a security vulnerability, attackers can use...

CVSS 8.8 | AI score 7.2 | EPSS 0.01837
Exploits: 0 | References: 1

OSV
added 2020/07/27 7:55 p.m. | 17 views

GHSA-VC9J-FHVV-8VRF Remote Code Execution in scratch-vm

MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. The responsible code...

CVSS 9.8 | AI score 9.8 | EPSS 0.0283
Exploits: 0 | References: 5

Github Security Blog
added 2020/07/27 7:55 p.m. | 37 views

Remote Code Execution in scratch-vm

MIT Lifelong Kindergarten Scratch scratch-vm before 0.2.0-prerelease.20200714185213 loads extension URLs from untrusted project.json files with certain characters, resulting in remote code execution because the URL's content is treated as a script and is executed as a worker. The responsible code...

CVSS 9.8 | AI score 9.5 | EPSS 0.0283
Exploits: 0 | References: 5 | Affected Software: 1

CNVD
added 2020/07/27 12:0 a.m. | 3 views

RosarioSIS Cross-Site Scripting Vulnerability (CNVD-2020-42950)

RosarioSIS is a student information system for school management. A cross-site scripting vulnerability exists in RosarioSIS 6.7.2. The vulnerability stems from improper validation of user-supplied input in the Preferences.php script. A remote attacker can exploit the vulnerability by using the ta...

CVSS 6.1 | AI score 6.2 | EPSS 0.05557
Exploits: 2 | References: 1

Hacker One
added 2020/07/24 3:28 p.m. | 37 views

New Relic: One Click Remote Code Injection - *.blog.newrelic.com

With some social engineering, a WordPress admin could be convinced to click a malicious link to abuse a vulnerability in a WordPress plugin. This could lead to script execution or even code execution on the host. Vulnerability: A CSRF vulnerability has been found inside the Admin Panel leading to...

AI score 1.5
Exploits: 0

OSV
added 2020/07/15 9:15 p.m. | 13 views

CVE-2020-9309

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

CVSS 8.8 | AI score 6.9 | EPSS 0.01837
Exploits: 0 | References: 1

NVD
added 2020/07/15 9:15 p.m. | 30 views

CVE-2020-9309

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

CVSS 8.8 | EPSS 0.01837
Exploits: 0 | References: 1

Prion
added 2020/07/15 9:15 p.m. | 17 views

Design/Logic Flaw

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

CVSS 6.8 | AI score 8.8 | EPSS 0.01837
Exploits: 0 | References: 1 | Affected Software: 2