CVE-2021-39209

GLPI is a free Asset and IT management software package. In versions prior to 9.5.6, a user who is logged in to GLPI can bypass Cross-Site Request Forgery CSRF protection in many places. This could allow a malicious actor to perform many actions on GLPI. This issue is fixed in version 9.5.6. Ther...

CVE-2021-30119 Authenticated Authenticated reflective XSS in Kaseya VSA <= v9.5.6

Authenticated reflective XSS in HelpDeskTab/rcResults.asp The parameter result of /HelpDeskTab/rcResults.asp is insecurely returned in the requested web page and can be used to perform a Cross Site Scripting attack Example request:...

CVE-2020-15241

TYPO3 Fluid Engine package typo3fluid/fluid before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like showFullName ? fullName : defaultValue. Updated versions of this package are...

CVE-2020-15241 Cross-Site Scripting in TYPO3 Fluid Engine

TYPO3 Fluid Engine package typo3fluid/fluid before versions 2.0.5, 2.1.4, 2.2.1, 2.3.5, 2.4.1, 2.5.5 or 2.6.1 is vulnerable to cross-site scripting when making use of the ternary conditional operator in templates like showFullName ? fullName : defaultValue. Updated versions of this package are...

Adobe Connect & Desktop v9.5.6 - Persistent Vulnerability

Document Title: =============== Adobe Connect & Desktop v9.5.6 - Persistent Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1838 Security ID: PSIRT-5180 Bulletin: https://helpx.adobe.com/security/products/connect/apsb16-35.html Vulnerabilit...