CVE-2020-9309

Silverstripe CMS through 4.5 can be susceptible to script execution from malicious upload contents under allowed file extensions for example HTML code in a TXT file. When these files are stored as protected or draft files, the MIME detection can cause browsers to execute the file contents. Upload...

CVE-2020-9309

SilverStripe CMS up to version 4.5 is vulnerable to script execution via malicious upload contents, when files with allowed extensions are stored as protected or draft and MIME detection causes browsers to run the file contents. Affected component/file: uploads handling (protected/draft state) an...

UBUNTU-CVE-2020-11934

It was discovered that snapctl user-open allowed altering the $XDGDATADIRS environment variable when calling the system xdg-open. OpenURL in usersession/userd/launcher.go would alter $XDGDATADIRS to append a path to a directory controlled by the calling snap. A malicious snap could exploit this t...

Debian DLA-2269-1 : wordpress security update

Several vulnerabilities were discovered in Wordpress, a web blogging tool. They allowed remote attackers to perform various Cross-Side Scripting XSS attacks, create open redirects, escalate privileges, and bypass authorization access. CVE-2020-4046 In affected versions of WordPress, users with lo...

PT-2020-3143 · Cisco · Cisco Unified Communications Manager Session Management Edition +1

Name of the Vulnerable Software and Affected Versions: Cisco Unified Communications Manager Unified CM and Cisco Unified Communications Manager Session Management Edition Unified CM SME affected versions not specified Description: The issue is related to insufficient validation of user-supplied...

SecureAuth IdP Client Template Injection Vulnerability

SecureAuth IdP is a suite of identity management solutions from SecureAuth USA. The product supports features such as two-factor authentication and single sign-on. A security vulnerability exists in the SecureAuth.aspx file in SecureAuth IdP version 9.3.0. An attacker can exploit the vulnerabilit...

CVE-2020-9437

SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS...

CVE-2020-9437

SecureAuth.aspx in SecureAuth IdP 9.3.0 suffers from a client-side template injection that allows for script execution, in the same manner as XSS...

DEBIAN-CVE-2020-14939

An issue was discovered in savestructinternal.c in FreedroidRPG 1.0rc2. Saved game files are composed of Lua scripts that recover a game's state. A file can be modified to put any Lua code inside, leading to arbitrary code execution while loading...

CVE-2020-3350 Cisco AMP for Endpoints and ClamAV Privilege Escalation Vulnerability

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. A...

CVE-2020-3350

A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning malicious files. A...

CVE-2020-14210

Concrete details found: MONITORAPP WAF (AIWAF‑VE/AIWAF‑4000) has a reflected XSS vulnerability due to insufficient validation of client data by the web application. Impact is client‑side code execution. No patch/version remediation is specified in the provided documents; exploitation status is no...

CVE-2020-4046

In affected versions of WordPress, users with low privileges like contributors and authors can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin...

DEBIAN-CVE-2020-4046

In affected versions of WordPress, users with low privileges like contributors and authors can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin...

Hardcoded credentials

In affected versions of WordPress, users with low privileges like contributors and authors can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin...

UBUNTU-CVE-2020-4046

In affected versions of WordPress, users with low privileges like contributors and authors can use the embed block in a certain way to inject unfiltered HTML in the block editor. When affected posts are viewed by a higher privileged user, this could lead to script execution in the editor/wp-admin...

Design/Logic Flaw

In affected versions of WordPress, authenticated users with upload permissions like authors are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has...

CVE-2020-4047

CVE-2020-4047 is an authenticated XSS vulnerability in WordPress. According to the provided sources, in affected WordPress versions, users with upload permissions (e.g., authors) can inject JavaScript into certain media attachment pages, enabling script execution in the context of a higher-privil...

CVE-2020-4047

In affected versions of WordPress, authenticated users with upload permissions like authors are able to inject JavaScript into some media file attachment pages in a certain way. This can lead to script execution in the context of a higher privileged user when the file is viewed by them. This has...

CVE-2020-4046

CVE-2020-4046 affects WordPress: low-privilege users can abuse the embed block to inject unfiltered HTML in the block editor, enabling script execution when viewed by a higher-privilege user. Impact is described as editor/wp-admin script execution. The issue has been patched in WordPress 5.4.2 an...